[Adding Roland and Viktor to the cc list. I'm not quoting anything, but it's roughly this: there's interest in implementing RFC2712, which is Kerberos in TLS. Hank is inviting me to state my opinion; see below.]
RFC2712 is to be burned. Please do not implement. We should either add a different extension to TLS to use Kerberos (or GSS), or simply not try this.

There are at least two major problems with RFC2712:

- Ciphersuite impedance mismatches: the way this should have worked is that the Kerberos [sub-]session key should have been used to key any TLS PSK ciphersuite. But instead we have a TLS ciphersuite per Kerberos enctype, and... that list hasn't kept up with the times, so there are no AES ones. Oops.

- RFC2712 does NOT use the AP-REQ PDU. It violates the interfaces provided by RFC1510 (later RFC4120). This is bad in many ways, and you'll notice if you try to implement it.

As for JGSS and Java Kerberos, there are many other bugs/RFEs I'd rather see fixed/implemented there before anything like RFC2712.

Nico
--