1 files changed, 0 insertions, 378 deletions
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-tapp-03.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-tapp-03.txt
deleted file mode 100644
index 6581dd5..0000000
--- a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerberos-pk-tapp-03.txt
+++ /dev/null
@@ -1,378 +0,0 @@
-INTERNET-DRAFT                                    Ari Medvinsky
-draft-ietf-cat-kerberos-pk-tapp-03.txt            Keen.com, Inc.
-Expires January 14, 2001                          Matthew Hur
-Informational					  CyberSafe Corporation
-						  Sasha Medvinsky
-						  Motorola
-                                                  Clifford Neuman
-                                                  USC/ISI
-
-Public Key Utilizing Tickets for Application Servers (PKTAPP)
-
-
-0. Status Of this Memo
-
-This document is an Internet-Draft and is in full conformance with
-all provisions of Section 10 of RFC 2026.  Internet-Drafts are
-working documents of the Internet Engineering Task Force (IETF),
-its areas, and its working groups.  Note that other groups may also
-distribute working documents as Internet-Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six
-months and may be updated, replaced, or obsoleted by other
-documents at any time.  It is inappropriate to use Internet-Drafts
-as reference material or to cite them other than as "work in
-progress."
-
-The list of current Internet-Drafts can be accessed at
-http://www.ietf.org/ietf/1id-abstracts.txt
-
-The list of Internet-Draft Shadow Directories can be accessed at
-http://www.ietf.org/shadow.html.
-
-To learn the current status of any Internet-Draft, please check
-the "1id-abstracts.txt" listing contained in the Internet-Drafts
-Shadow Directories on ftp.ietf.org (US East Coast),
-nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or
-munnari.oz.au (Pacific Rim).
-
-The distribution of this memo is unlimited.  It is filed as
-draft-ietf-cat-kerberos-pk-init-10.txt, and expires April 30,
-2000.  Please send comments to the authors.
-
-1. Abstract
-
-Public key based Kerberos for Distributed Authentication[1], (PKDA) 
-proposed by Sirbu & Chuang, describes PK based authentication that 
-eliminates the use of a centralized key distribution center while 
-retaining the advantages of Kerberos tickets.  This draft describes how, 
-without any modification, the PKINIT specification[2] may be used to 
-implement the ideas introduced in PKDA.  The benefit is that only a 
-single PK Kerberos extension is needed to address the goals of PKINIT & 
-PKDA.
-
-
-
-2. Introduction
-
-With the proliferation of public key cryptography, a number of public 
-key extensions to Kerberos have been proposed to provide 
-interoperability with the PK infrastructure and to improve the Kerberos 
-authentication system [4].  Among these are PKINIT[2] (under development
-in the CAT working group) and more recently PKDA [1] proposed by Sirbu & 
-Chuang of CMU.  One of the principal goals of PKINIT is to provide for 
-interoperability between a PK infrastructure and Kerberos.  Using 
-PKINIT, a user can authenticate to the KDC via a public key certificate.  
-A ticket granting ticket (TGT), returned by the KDC, enables a PK user 
-to obtain tickets and authenticate to kerberized services.  The PKDA 
-proposal goes a step further.  It supports direct client to server 
-authentication, eliminating the need for an online key distribution 
-center.  In this draft, we describe how, without any modification, the 
-PKINIT protocol may be applied to achieve the goals of PKDA. For direct 
-client to server authentication, the client will use PKINIT to 
-authenticate to the end server (instead of a central KDC), which then, 
-will issue a ticket for itself.  The benefit of this proposal, is that a 
-single PK extension to Kerberos can addresses the goals of PKINIT and 
-PKDA.
-
-
-3. PKDA background
-
-The PKDA proposal provides direct client to server authentication, thus 
-eliminating the need for an online key distribution center.  A client 
-and server take part in an initial PK based authentication exchange, 
-with an added caveat that the server acts as a Kerberos ticket granting 
-service and issues a traditional Kerberos ticket for itself.  In 
-subsequent communication, the client makes use of the Kerberos ticket, 
-thus eliminating the need for public key operations on the server.  This 
-approach has an advantage over SSL in that the server does not need to 
-save state (cache session keys).  Furthermore, an additional benefit, is 
-that Kerberos tickets can facilitate delegation (see Neuman[3]). 
-
-Below is a brief overview of the PKDA protocol.  For a more detailed 
-description see [1]. 
-
-SCERT_REQ: Client to Server
-The client requests a certificate from the server.  If the serverÆs 
-certificate is cached locally, SCERT_REQ and SCERT_REP are omitted.
-
-SCERT_REP:  Server to Client
-The server returns its certificate to the client.
-
-PKTGS_REQ: Client to Server
-The client sends a request for a service ticket to the server.  To 
-authenticate the request, the client signs, among other fields, a time 
-stamp and a newly generated symmetric key .  The time stamp is used to 
-foil replay attacks;  the symmetric key is used by the server to secure 
-the PKTGS_REP message. 
-The client provides a certificate in the request (the certificate 
-enables the server to verify the validity of the clientÆs signature) and 
-seals it along with the signed information using the serverÆs public 
-key.  
-
- 
-PKTGS_REP:  Server to Client
-The server returns a service ticket (which it issued for itself) along 
-with the session key for the ticket.  The session key is protected by 
-the client-generated key from the PKTGS_REQ message.  
-
-AP_REQ:  Client to Server
-After the above exchange, the client can proceed in a normal fashion, 
-using the conventional Kerberos ticket in an AP_REQ message.
-
-
-4. PKINIT background
-
-One of the principal goals of PKINIT is to provide for interoperability 
-between a public key infrastructure and Kerberos.  Using a public key 
-certificate, a client can authenticate to the KDC and receive a TGT 
-which enables the client to obtain service tickets to kerberized 
-services..  In PKINIT, the AS-REQ and AS-REP messages remain the same; 
-new preauthentication data types are used to conduct the PK exchange.  
-Client and server certificates are exchanged via the preauthentication 
-data.  Thus, the exchange of certificates , PK authentication, and 
-delivery of a TGT can occur in two messages.
-
-Below is a brief overview of the PKINIT protocol.  For a more detailed 
-description see [2]. 
-
-PreAuthentication data of AS-REQ:  Client to Server
-The client sends a list of trusted certifiers, a signed PK 
-authenticator, and its certificate.  The PK authenticator, based on the 
-Kerberos authenticator, contains the name of the KDC, a timestamp, and a 
-nonce.
-
-PreAuthentication data of AS-REP:  Server to Client
-The server responds with its certificate and the key used for decrypting 
-the encrypted part of the AS-REQ.  This key is encrypted with the 
-clientÆs public key.
-
-AP_REQ:  Client to Server
-After the above exchange, the client can proceed in a normal fashion, 
-using the conventional Kerberos ticket in an AP_REQ message.
-
-
-5. Application of PKINIT to achieve equivalence to PKDA
-
-While PKINIT is normally used to retrieve a ticket granting ticket 
-(TGT), it may also be used to request an end service ticket.  When used 
-in this fashion, PKINIT is functionally equivalent to PKDA.  We 
-introduce the concept of a local ticket granting server (LTGS) to 
-illustrate how PKINIT may be used for issuing end service tickets based 
-on public key authentication.  It is important to note that the LTGS may 
-be built into an application server, or it may be a stand-alone server 
-used for issuing tickets within a well-defined realm, such as a single 
-machine.  We will discuss both of these options.
-
-
-5.1. The LTGS
-
-The LTGS processes the Kerberos AS-REQ and AS-REP messages with PKINIT 
-preauthentication data.  When a client submits an AS-REQ to the LTGS, it
-specifies an application server, in order to receive an end service 
-ticket instead of a TGT.
-
-
-5.1.1. The LTGS as a standalone server
-
-The LTGS may run as a separate process that serves applications which 
-reside on the same machine. This serves to consolidate administrative 
-functions and provide an easier migration path for a heterogeneous 
-environment consisting of both public key and Kerberos.  The LTGS would 
-use one well-known port (port #88 - same as the KDC) for all message 
-traffic and would share a symmetric with each service.  After the client 
-receives a service ticket, it then contacts the application server 
-directly.  This approach is similar to the one suggested by Sirbu , et 
-al [1].
-
-5.1.1.1. Ticket Policy for PKTAPP Clients
-
-It is desirable for the LTGS to have access to a PKTAPP client ticket
-policy. This policy will contain information for each client, such as 
-the maximum lifetime of a ticket, whether or not a ticket can be 
-forwardable, etc. PKTAPP clients, however, use the PKINIT protocol for
-authentication and are not required to be registered as Kerberos 
-principals.
-
-As one possible solution, each public key Certification Authority could
-be registered in a secure database, along with the ticket policy 
-information for all PKTAPP clients that are certified by this
-Certification Authority.
-
-5.1.1.2. LTGS as a Kerberos Principal
-
-Since the LTGS serves only PKTAPP clients and returns only end service
-tickets for other services, it does not require a Kerberos service key 
-or a Kerberos principal identity. It is therefore not necessary for the
-LTGS to even be registered as a Kerberos principal.
-
-The LTGS still requires public key credentials for the PKINIT exchange,
-and it may be desired to have some global restrictions on the Kerberos
-tickets that it can issue. It is recommended (but not required) that
-this information be associated with a Kerberos principal entry for the
-LTGS.
-
-
-5.1.1.3. Kerberos Principal Database
-
-Since the LTGS issues tickets for Kerberos services, it will require
-access to a Kerberos principal database containing entries for at least
-the end services. Each entry must contain a service key and may also
-contain restrictions on the service tickets that are issued to clients.
-It is recommended that (for ease of administration) this principal
-database be centrally administered and distributed (replicated) to all
-hosts where an LTGS may be running.
-
-In the case that there are other clients that do not support PKINIT
-protocol, but still need access to the same Kerberos services, this
-principal database will also require entries for Kerberos clients and
-for the TGS entries.
-
-5.1.2. The LTGS as part of an application server
-
-The LTGS may be combined with an application server.  This accomplishes 
-direct client to application server authentication; however, it requires 
-that applications be modified to process AS-REQ and AS-REP messages.  
-The LTGS would communicate over the port assigned to the application 
-server or over the well known Kerberos port for that particular 
-application.
-
-5.1.2.2. Ticket Policy for PKTAPP Clients
-
-Application servers normally do not have access to a distributed 
-principal database. Therefore, they will have to find another means of
-keeping track of the ticket policy information for PKTAPP clients. It is
-recommended that this ticket policy be kept in a directory service (such
-as LDAP).  
-
-It is critical, however, that both read and write access to this ticket
-policy is restricted with strong authentication and encryption to only
-the correct application server.  An unauthorized party should not have
-the authority to modify the ticket policy. Disclosing the ticket policy
-to a 3rd party may aid an adversary in determining the best way to
-compromise the network.
-
-It is just as critical for the application server to authenticate the
-directory service. Otherwise an adversary could use a man-in-the-middle
-attack to substitute a false ticket policy with a false directory
-service.
-
-5.1.2.3. LTGS Credentials
-
-Each LTGS (combined with an application service) will require public key
-credentials in order to use the PKINIT protocol. These credentials can 
-be stored in a single file that is both encrypted with a password-
-derived symmetric key and also secured by an operating system. This
-symmetric key may be stashed somewhere on the machine for convenience,
-although such practice potentially weakens the overall system security
-and is strongly discouraged.
-
-For added security, it is recommended that the LTGS private keys are
-stored inside a temper-resistant hardware module that requires a pin
-code for access.
-
-
-5.1.2.4. Compatibility With Standard Kerberos
-
-Even though an application server is combined with the LTGS, for
-backward compatibility it should still accept service tickets that have
-been issued by the KDC. This will allow Kerberos clients that do not
-support PKTAPP to authenticate to the same application server (with the
-help of a KDC).
-
-5.1.3. Cross-Realm Authentication
-
-According to the PKINIT draft, the client's realm is the X.500 name of
-the Certification Authority that issued the client certificate. A 
-Kerberos application service will be in a standard Kerberos realm, which
-implies that the LTGS will need to issue cross-realm end service 
-tickets. This is the only case, where cross-realm end service tickets
-are issued. In a standard Kerberos model, a client first acquires a
-cross-realm TGT, and then gets an end service ticket from the KDC that
-is in the same realm as the application service.
-
-6. Protocol differences between PKINIT and PKDA
-
-Both PKINIT and PKDA will accomplish the same goal of issuing end 
-service tickets, based on initial public key authentication.  A PKINIT-
-based implementation and a PKDA implementation would be functionally 
-equivalent.  The primary differences are that 1)PKDA requires the client 
-to create the symmetric key while PKINIT requires the server to create 
-the key and 2)PKINIT accomplishes in two messages what PKDA accomplishes 
-in four messages.
-
-7. Summary
-
-The PKINIT protocol can be used, without modification to facilitate 
-client to server authentication without the use of a central KDC.  The 
-approach described in this draft  (and originally proposed in PKDA[1]) 
-is essentially a public key authentication protocol that retains the 
-advantages of Kerberos tickets.
-
-Given that PKINIT has progressed through the CAT working group of the 
-IETF, with plans for non-commercial distribution (via MITÆs v5 Kerberos)  
-as well as commercial support, it is worthwhile to provide PKDA 
-functionality, under the PKINIT umbrella.
-
-8. Security Considerations
-
-PKTAPP is based on the PKINIT protocol and all security considerations
-already listed in [2] apply here.
-
-When the LTGS is implemented as part of each application server, the
-secure storage of its public key credentials and of its ticket policy
-are both a concern.  The respective security considerations are already
-covered in sections 5.1.2.3 and 5.1.2.2 of this document.  
-
-
-9. Bibliography
-
-[1] M. Sirbu, J. Chuang.  Distributed Authentication in Kerberos Using 
-Public Key Cryptography.  Symposium On Network and Distributed System 
-Security, 1997.
-
-[2] B. Tung, C. Neuman, M. Hur, A. Medvinsky, S. Medvinsky, J. Wray,
-J. Trostle.  Public Key Cryptography for Initial Authentication in
-Kerberos.  Internet Draft, October 1999. 
-(ftp://ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-init-10.txt)
-
-[3] C. Neuman, Proxy-Based Authorization and Accounting for 
-Distributed Systems.  In Proceedings of the 13th International 
-Conference on Distributed Computing Systems, May 1993.
-
-[4] J. Kohl, C. Neuman.  The Kerberos Network Authentication Service
-(V5).  Request for Comments 1510.
-
-10.  Expiration Date
-
-This draft expires April 24, 2000.
-
-11. Authors
-
-Ari Medvinsky
-Keen.com, Inc.
-150 Independence Dr.
-Menlo Park, CA 94025
-Phone +1 650 289 3134
-E-mail: ari@keen.com
-
-Matthew Hur
-CyberSafe Corporation
-1605 NW Sammamish Road
-Issaquah, WA 98027-5378
-Phone: +1 425 391 6000
-E-mail: matt.hur@cybersafe.com
-
-Alexander Medvinsky
-Motorola
-6450 Sequence Dr.
-San Diego, CA 92121
-Phone: +1 858 404 2367
-E-mail: smedvinsky@gi.com
-
-Clifford Neuman
-USC Information Sciences Institute
-4676 Admiralty Way Suite 1001
-Marina del Rey CA 90292-6695
-Phone: +1 310 822 1511
-E-mail: bcn@isi.edu