Thanks for the valuable input, Henry and Nico! JSSE had supported RFC2712 for a few years. We are trying to move the implementation of RFC2712 into the Krb5 module of JDK.
The input is valuable to me to follow the trend of TLS/Kerberos. Is there a draft proposal for the new use of Kerberos in TLS? I think we can benefits from the new ideas while doing the moving. Thanks & Regards, Xuelei On 10/22/2014 5:09 AM, Nico Williams wrote: > [Adding Roland and Viktor to the cc list. I'm not quoting anything, > but it's roughly this: there's interest in implementing RFC2712, which > is Kerberos in TLS. Hank is inviting me to state my opinion; see > below.] > > RFC2712 is to be burned. Please do not implement. We should either > add a different extension to TLS to use Kerberos (or GSS), or simply > not try this. > > There are at least two major problems with RFC2712: > > - ciphersuite impedance mistmatches: > > The way this should have worked is that the Kerberos [sub-]session > key should have been used to key any TLS PSK ciphersuite. But instead > we have a TLS ciphersuite per-Kerberos enctype, and... that list > hasn't kept up with the times, so there's no AES ones. Oops. > > - RFC2712 does NOT use the AP-REQ PDU. It violates the interfaces > provided by RFC1510 (later RFC4120). This is bad in many ways, and > you'll notice if you try to implement it. > > As for JGSS and Java Kerberos, there are many other bugs/RFEs I'd > rather see fixed/implemented there before anything like RFC2712. > > Nico > -- >
