Kerberos V5 over TLS

This page contains the documents related to using Kerberos 5 over TLS, which is implemented by Shishi.

Please send feedback to me.

Kerberos TCP Expansion

• rfc5021.txt - tcp-expansion
• draft-ietf-krb-wg-tcp-expansion.txt [XML source]
• IETF I-D tracker

Kerberos Starttls

• draft-josefsson-kerberos5-starttls.txt [XML source]
• draft-josefsson-kerberos5-starttls.html, html version.
• Diff between -06 and current version.
• Diff between -05 and -06.
• Diff between -04 and -05.
• Diff between -03 and -04.
• Diff between -02 and -03.
• Diff between -01 and -02.
• Diff between -00 and -01.

Kerberos Starttls Bootstrapping

• draft-josefsson-krb5starttls-bootstrap.txt [XML source]
• draft-josefsson-krb5starttls-bootstrap.html, html version.
• Diff between -02 and current version.
• Diff between -01 and -02.
• Diff between -00 and -01.

Change History

2009-03-09

draft-josefsson-kerberos5-starttls-06.txt was published, adding a section on server certificate validation.

2009-03-06

draft-josefsson-krb5starttls-bootstrap-02.txt was published, rewritten to use a new PA-TLS type.

2009-03-02

draft-josefsson-krb5starttls-bootstrap-01.txt was published, adds a PA-ENC-TIMESTAMP option.

2009-03-02

draft-josefsson-krb5starttls-bootstrap-00.txt was published, addresses channel binding in krb5starttls.

2009-03-02

draft-josefsson-kerberos5-starttls-05.txt was published, removing the channel binding section.

2008-12-05

draft-josefsson-kerberos5-starttls-04.txt was published, fixing most PROTO writeup feedback.

2007-12-03

draft-josefsson-kerberos5-starttls-03.txt was published, with channel binding PA-DATA.

2007-08-17

The RFC-editor announced RFC 5021.

2007-05-14

The IESG approved draft-ietf-krb-wg-tcp-expansion-01.

2007-05-02

draft-ietf-krb-wg-tcp-expansion-02.txt was announced, attempts to resolve IETF LC issues.

2007-04-02

IETF Last Call of draft-ietf-krb-wg-tcp-expansion-01 ended.

2007-03-14

IETF Last Call for draft-ietf-krb-wg-tcp-expansion-01 issued.

2006-10-23

draft-josefsson-kerberos5-starttls-02.txt was published.

2006-10-03

draft-josefsson-kerberos5-starttls-01.txt was submitted. This document now only describes the TLS part in the TCP expansion framework.

2006-09-15

draft-ietf-krb-wg-tcp-expansion-01.txt was announced, attempts to resolve WGLC issues.

2006-09-02

Some issues were brought up, presumably a summary of the WGLC issues for draft-ietf-krb-wg-tcp-expansion-00.

2006-06-22

Working Group Last Call of -00 ended.

2006-06-08

Working Group Last Call of draft-ietf-krb-wg-tcp-expansion-00 was initiated.

2006-05-11

draft-ietf-krb-wg-tcp-expansion-00.txt was announced.

2006-04-23

draft-josefsson-krb-tcp-expansion-02 was announced.

2006-04-10

draft-josefsson-krb-tcp-expansion-01 was announced.

2005-11-12

draft-josefsson-krb-tcp-expansion-00 was announced. This document describes the TCP expansion framework only.

2004-11-13

draft-josefsson-kerberos5-starttls-00.txt was announced.

Sponsor

This work was sponsored by Simon Josefsson Datakonsult AB. If you need commercial help with utilizing this technology, or have a related project that you want help with, please feel free to contact me. If you find my work in this area useful, also please consider making a donation. No amount is too small!

The copying conditions for RFCs apply, of course. However, beyond that, the essential parts of the document is also available under the following, less restrictive, license.

	Copyright (C) 2003, 2004, 2005, 2006 Simon Josefsson

   Regarding this entire document or any portion of it, the author makes
   no guarantees and is not responsible for any damage resulting from
   its use.  The author grants irrevocable permission to anyone to use,
   modify, and distribute it in any way that does not diminish the
   rights of anyone else to use, modify, and distribute it, provided
   that redistributed derivative works do not contain misleading author
   or version information.  Derivative works need not be licensed under
   similar terms.