I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
Please wait for direction from your document shepherd
or AD before posting a new version of the draft.
Document: draft-ietf-krb-wg-clear-text-cred-02
Reviewer: Kathleen M. Moriarty
Review Date: 08-24-11
IETF LC End Date: 08-25-11
IESG Telechat date: 08-25-11
Summary: The document is ready with nits
Major issues:
Minor issues:
Nits/editorial comments:
Introduction:
Consider changing from:
There are applications which need to transfer Kerberos credentials
between them without having a prior relationship with established
Kerberos keys.
To: "There are applications which need to transfer Kerberos credentials
between them without having established a prior relationship with
Kerberos keys."
Consider breaking the following sentence into two sentences; it is a little
difficult to read, as a number of concepts are introduced within this one
sentence:
"In the SAML application, the Identity Provider (IdP) somehow obtains
a Kerberos service ticket from the Kerberos Key Distribution Center
(KDC) when required by the SAML system and transfers the credential
to a Service Provider (SP) within an attribute statement."
Security Considerations section:
Consider changing the following From:
The use of an unencrypted form of the KRB-CRED message MUST only be
used with a transport where sender and recipient identities can been
established to be known to each other.
To: "The use of an unencrypted form of the KRB-CRED message MUST only be
used with a transport where sender and recipient identities can be
established and are known to each other."
Consider changing from:
Examples of transports which MAY be securely used to transport an
unencrypted KRB-CRED message would include Transport Layer Security
(TLS) [RFC5246] where mutual authentication has been established and
those encoded within encrypted and signed SAML Security Assertion
Markup Language (SAML) 2.0 [OASIS.saml-core-2.0-os] statement.
To: Examples of transports which MAY be securely used to transport an
unencrypted KRB-CRED message would include Transport Layer Security
(TLS) [RFC5246], where mutual authentication has been established, and
a SAML Security Assertion Markup Language (SAML) 2.0
[OASIS.saml-core-2.0-os] statement that is encrypted and signed.
Thanks,
Kathleen
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
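Added example (not from the draft, and not part of the review above): a small Go program showing the check implied by the Security Considerations text quoted above, namely that a clear-text KRB-CRED is released only over a transport on which the peer's identity has been established. An IdP-like TLS server hands out a constructed placeholder credential only when the client presented a certificate that chained to a trusted root; a server-only TLS session is refused. The names idp.example and sp.example, the placeholder KRB-CRED bytes and the self-signed certificates are assumptions made for this example, and the SAML transport the draft also mentions is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// Constructed stand-in for an unencrypted KRB-CRED: not ASN.1 and not a real ticket.
var sampleKrbCred = []byte("KRB-CRED placeholder (constructed, not a real ticket)")
func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // certificate setup is scaffolding, not what the example demonstrates
	}
	return v
}

// newSelfSigned issues a self-signed certificate valid for both server and
// client authentication, so the example runs without an external PKI.
func newSelfSigned(name string) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// peerAuthenticated is the application-layer check behind the draft's MUST: the peer
// presented a certificate that chained to a trusted root (Go fills VerifiedChains only then).
func peerAuthenticated(cs tls.ConnectionState) bool {
	return cs.HandshakeComplete && len(cs.PeerCertificates) > 0 && len(cs.VerifiedChains) > 0
}

// exchange runs one in-memory TLS session: an IdP-like server holds the credential, an
// SP-like client presents a certificate only if clientHasCert. Reports whether it was released.
func exchange(clientHasCert bool) (bool, error) {
	srvCert, cliCert := newSelfSigned("idp.example"), newSelfSigned("sp.example")
	clientRoots, serverRoots := x509.NewCertPool(), x509.NewCertPool()
	clientRoots.AddCert(cliCert.Leaf) // what the server trusts for client certificates
	serverRoots.AddCert(srvCert.Leaf) // what the client trusts for server certificates
	srvCfg := &tls.Config{
		Certificates:           []tls.Certificate{srvCert},
		ClientCAs:              clientRoots,
		ClientAuth:             tls.VerifyClientCertIfGiven, // handshake succeeds either way; policy decides below
		MinVersion:             tls.VersionTLS12,
		SessionTicketsDisabled: true, // net.Pipe is synchronous; avoid server writes during the client's flight
	}
	cliCfg := &tls.Config{RootCAs: serverRoots, ServerName: "idp.example", MinVersion: tls.VersionTLS12}
	if clientHasCert {
		cliCfg.Certificates = []tls.Certificate{cliCert}
	}
	srvEnd, cliEnd := net.Pipe()
	_ = srvEnd.SetDeadline(time.Now().Add(10 * time.Second)) // fail loudly rather than hang
	srvDone := make(chan error, 1)
	go func() {
		conn := tls.Server(srvEnd, srvCfg)
		defer conn.Close() // close_notify gives the client EOF after the single message
		msg := []byte("REFUSED: peer identity not established")
		err := conn.Handshake()
		if err == nil && peerAuthenticated(conn.ConnectionState()) {
			msg = sampleKrbCred // the MUST is satisfied; release the clear-text credential
		}
		if err == nil {
			_, err = conn.Write(msg)
		}
		srvDone <- err
	}()
	conn := tls.Client(cliEnd, cliCfg)
	defer conn.Close()
	reply, err := io.ReadAll(conn) // Read performs the client handshake implicitly
	if err == nil {
		err = <-srvDone
	}
	return err == nil && string(reply) == string(sampleKrbCred), err
}

func main() {
	for _, hasCert := range []bool{true, false} {
		released, err := exchange(hasCert)
		fmt.Println("client cert presented:", hasCert, "released clear-text KRB-CRED:", released, "err:", err)
	}
}
```

Both sessions complete the handshake, because ClientAuth is VerifyClientCertIfGiven; the refusal comes from the explicit peerAuthenticated check, not from the handshake. That is the reading of the MUST an implementer should take away: the transport's authentication state has to be inspected before the credential leaves, not merely configured. Session tickets are disabled only because net.Pipe is synchronous; over a real socket they can stay on.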