Browse Prior Art Database

Addition of Kerberos Cipher Suites to Transport Layer Security (TLS) (RFC2712)

IP.com Disclosure Number: IPCOM000003307D
Original Publication Date: 1999-Oct-01
Included in the Prior Art Database: 2005-May-22
Document File: 8 page(s) / 14K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

A. Medvinsky: AUTHOR [+2]

Abstract

This document proposes the addition of new cipher suites to the TLS protocol [1] to support Kerberos-based authentication. Kerberos credentials are used to achieve mutual authentication and to establish a master secret which is subsequently used to secure client-server communication.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 19% of the total text.

Network Working Group                                      A. Medvinsky
Request for Comments: 2712                                       Excite
Category: Standards Track                                        M. Hur
                                                  CyberSafe Corporation
                                                           October 1999


  Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

IESG Note:

   The 40-bit ciphersuites defined in this memo are included only for
   the purpose of documenting the fact that those ciphersuite codes have
   already been assigned.  40-bit ciphersuites were designed to comply
   with US-centric, and now obsolete, export restrictions.  They were
   never secure, and nowadays are inadequate even for casual
   applications.  Implementation and use of the 40-bit ciphersuites
   defined in this document, and elsewhere, is strongly discouraged.

1. Abstract

   This document proposes the addition of new cipher suites to the TLS
   protocol [1] to support Kerberos-based authentication.  Kerberos
   credentials are used to achieve mutual authentication and to
   establish a master secret which is subsequently used to secure
   client-server communication.

2. Introduction

   Flexibility is one of the main strengths of the TLS protocol.
   Clients and servers can negotiate cipher suites to meet specific
   security and administrative policies.  However, to date,
   authentication in TLS is limited only to public key solutions.  As a
   result, TLS does not fully support organizations with heterogeneous
   security deployments that include authentication systems based on
   symmetric cryptography.  Kerberos, originally developed at MIT, is

Medvinsky & Hur             Standards Track                     [Page 1]
RFC 2712       Addition of Kerberos Cipher Suites to TLS   October 1999


   based on an open standard [2] and is the most widely deployed
   symmetric key authentication system.  This document proposes a new
   option for negotiating Kerberos authentication within the TLS
   framework.  This achieves mutual authentication and the establishment
   of a master secret using Kerberos credentials.  The pr...