Kerberos Working Group - IETF 61 meeting summary

- The chairs gave an update of the status of documents which
  have been sent to the IESG:
  + The kcrypto document is still in the RFC Editor queue.
    We expect 2 changes during author's 48 hours.
  + The GSSAPI-CFX document is in the RFC-Editor queue.
    There is a discussion on the list regarding naming text.
  + The AES document has been approved by the IESG.
  + Kerberos clarifications has been approved by the IESG.
  + Two documents related to GSSAPI mechanism extensions will
    be worked on in the kitten WG and last called in both WG's.

- Tom Yu gave a presentation on the status of kerberos-extensions

- Brian Tung gave an update on the status of PKINIT.
  Larry Zhu has agreed to assist Brian as co-editor.
  We discussed the following open issues:
   #526 subjectAltName/otherName constraints
   #611 checksum issues

- Larry Zhu gave a presentation on his OCSP-for-PKINIT document.

- Sam Hartman gave a discussion on the status of the preauth framework.

- Larry Zhu gave a presentation on the status of the referrals document.
  He believes the document needs more work before it can go to last call.

- Nico Williams led a brief discussion on the change password protocol.

- Milestones were updated.


DECISIONS (to be validated):
  * extensions to use quoting for referring to types/fields in text
  * encryptionCert not to be added back to PKINIT
  * subjectAltName/otherName issue (#526) does not need to be addressed
    in PKINIT; constraints are critical and someone can define a local
    one and/or we can define one later/for PKTAPP/etc
  * PKINIT will _not_ do checksum negotation, and instead will use the
    SHA1-now-negotiation-later approach raeburn described on the list.
  * preauth framework will target extensions, not clarifications
  * preauth work mostly deferred for now

ACTION ITEMS:
  * jhutz: point out kitten gss mech docs on the mailing list and ask
    for notes from people who have problems with the work being there
  * tlyu: republish extensions as a WG-named document
  * tlyu: outline extensions issues on list by [29-Nov-2004]
  * nico: text for #507, indicating PKINIT support [15-Nov-2004]
  * hartmans: write up #512, unauth plaintext in PKINIT [15-Nov-2004]
  * larry: propose text for #516, client name mapping [17-Nov-2004]
  * brian: text for #522, key to use in encKey case
  * larry: add ref in OCSP to Ryan Hurst's doc [19-Nov-2004]
  * jhutz: last call OCSP [29-Nov-2004]
  * jhutz, hartmans: find preauth coeditor
  * jhutz, hartmans, ???: find someone to use preauth
  * jhutz, larry: find people to review referrals [31-Dec-2004]
  * larry: open ticket for changepw localization issue [31-Dec-2004]

NEW MILESTONES:
DONE      first preauth draft
DONE      first extensions draft
DROP      preauth to IESG
DROP      pkcross to IESG

NOV 2004  PKINIT last call
MAR 2005  Extensions major issues resolved
JUN 2005  Extensions last call
NOV 2004  OCSP last call
FEB 2005  Set/Change PW - Concensus on direction
SEP 2005  Set/Change PW - Last call
JUN 2005  Referrals - Last call
SEP 2005  Charter Review