Kerberos Parameters -  [RFC3961]

(last updated 2007-08-16)

For registration procedures, please see [RFC3961].

 -Kerberos Encryption Type Numbers
 -Kerberos Checksum Type Numbers
 -Kerberos TCP Extensions

These are signed values ranging from -2147483648 to 2147483647.  Positive
values should be assigned only for algorithms specified in accordance
with this specification for use with Kerberos or related protocols.
Negative values are for private use; local and experimental algorithms 
should use these values.  Zero is reserved and may not be assigned.

Kerberos Encryption Type Numbers per [RFC3961]

encryption type                 etype    Reference and/or Comment
------------------------------  -----    ------------------------- 
reserved                           0     [RFC3961]
des-cbc-crc                        1     [RFC3961]
des-cbc-md4                        2     [RFC3961]
des-cbc-md5                        3     [RFC3961]
[reserved]                         4
des3-cbc-md5                       5
[reserved]                         6
des3-cbc-sha1                      7
dsaWithSHA1-CmsOID                 9      (pkinit)
md5WithRSAEncryption-CmsOID       10      (pkinit)
sha1WithRSAEncryption-CmsOID      11      (pkinit)
rc2CBC-EnvOID                     12      (pkinit)
rsaEncryption-EnvOID              13      (pkinit from PKCS#1 v1.5)
rsaES-OAEP-ENV-OID                14      (pkinit from PKCS#1 v2.0)
des-ede3-cbc-Env-OID              15      (pkinit)
des3-cbc-sha1-kd                  16      [RFC3961]
aes128-cts-hmac-sha1-96           17      [RFC3962]
aes256-cts-hmac-sha1-96           18      [RFC3962]
unassigned                      19-22
rc4-hmac                          23      [RFC4757]
rc4-hmac-exp                      24      [RFC4757] 
unassigned                      25-64
subkey-keymaterial                65      (opaque; PacketCable)


Kerberos Checksum Type Numbers per [RFC3961]

                           sumtype   checksum   
Checksum type               value     size      Reference and/or Comment
-----------------------  ----------  --------   ------------------------
Reserved                      0                 [RFC3961]
CRC32                         1        4        [RFC3961]
rsa-md4                       2       16        [RFC3961]
rsa-md4-des                   3       24        [RFC3961]
des-mac                       4       16        [RFC3961]
des-mac-k                     5        8        [RFC3961]
rsa-md4-des-k                 6       16        [RFC3961]
rsa-md5                       7       16        [RFC3961]
rsa-md5-des                   8       24        [RFC3961]
rsa-md5-des3                  9       24        
sha1 (unkeyed)               10       20        
hmac-sha1-des3-kd            12       20        [RFC3961]
hmac-sha1-des3               13       20        
sha1 (unkeyed)               14       20        
hmac-sha1-96-aes128          15       20        [RFC3962]
hmac-sha1-96-aes256          16       20        [RFC3962]
[reserved]               0x8003                 [RFC1964]


Registry Name: Kerberos TCP Extensions
Reference: [RFC5021]
Range   Registration Procedures  Notes
------  -----------------------  ---------------------------
0-29    IESG Approval
30      Reserved                 See section 6 of [RFC5021]

Registry:
Value   Description          Reference
------  -------------------  --------
0-29    Unassigned
30      Reserved             [RFC5021]


References
----------
[RFC1964]  J. Linn, "The Kerberos Version 5 GSS-API Mechanism", RFC 1964,  
           June 1996.

[RFC3961]  K. Raeburn, "Encryption and Checksum Specifications for Kerberos 5",
           RFC 3961, February 2005.

[RFC3962]  K. Raeburn, "AES Encryption for Kerberos 5", RFC 3962, 
           February 2005.

[RFC4757]  K. Jaganathan, L. Zhu, J. Brezak, "The RC4-HMAC Kerberos 
           Encryption Types Used by Microsoft Windows", RFC 4757,
           December 2006.

[RFC5021]  S. Josefsson, "Extended Kerberos Version 5 Key Distribution 
           Center (KDC) Exchanges Over TCP", RFC 5021, August 2007.

(pkinit)   Work in progress.
			
(created 29 June 2004) 

[]	











