Kerberos Parameters

(last updated 2007-08-16)

Registries included below:
- Kerberos Encryption Type Numbers
- Kerberos Checksum Type Numbers
- Kerberos TCP Extensions


Registry Name: Kerberos Encryption Type Numbers 
Reference: [RFC3961]
Registration Procedures: Standards Action or Expert Review 

Note:
These are signed values ranging from -2147483648 to 2147483647.  Positive
values should be assigned only for algorithms specified in accordance
with this specification for use with Kerberos or related protocols.
Negative values are for private use; local and experimental algorithms 
should use these values.  Zero is reserved and may not be assigned.

Registry: 
etype           encryption type                        Reference 
--------------  -------------------------------------  ------------------------- 
0               reserved                               [RFC3961]
1               des-cbc-crc                            [RFC3961]
2               des-cbc-md4                            [RFC3961]
3               des-cbc-md5                            [RFC3961]
4               Reserved                               [RFC3961]
5               des3-cbc-md5                       
6               Reserved                               [RFC3961]
7               des3-cbc-sha1                      
8               Unassigned
9               dsaWithSHA1-CmsOID                     [RFC4556]
10              md5WithRSAEncryption-CmsOID            [RFC4556]
11              sha1WithRSAEncryption-CmsOID           [RFC4556]
12              rc2CBC-EnvOID                          [RFC4556]
13              rsaEncryption-EnvOID                   [RFC4556 from PKCS#1 v1.5]
14              rsaES-OAEP-ENV-OID                     [RFC4556 from PKCS#1 v2.0]
15              des-ede3-cbc-Env-OID                   [RFC4556]
16              des3-cbc-sha1-kd                       [RFC3961]
17              aes128-cts-hmac-sha1-96                [RFC3962]
18              aes256-cts-hmac-sha1-96                [RFC3962]
19-22           Unassigned                      
23              rc4-hmac                               [RFC4757]
24              rc4-hmac-exp                           [RFC4757] 
25-64           Unassigned                      
65              subkey-keymaterial                     (opaque; PacketCable)
66-2147483647   Unassigned


Registry Name: Kerberos Checksum Type Numbers
Reference: [RFC3961]
Registration Procedures: Standards Action or Expert Review

Note:
These are signed values ranging from -2147483648 to 2147483647.  Positive
values should be assigned only for algorithms specified in accordance
with this specification for use with Kerberos or related protocols.
Negative values are for private use; local and experimental algorithms 
should use these values.  Zero is reserved and may not be assigned.

Registry:                                   
sumtype value      Checksum type                 checksum size  Reference
-----------------  ----------------------------  -------------  ---------
0                  Reserved                                     [RFC3961]
1                  CRC32                         4              [RFC3961]
2                  rsa-md4                       16             [RFC3961]
3                  rsa-md4-des                   24             [RFC3961]
4                  des-mac                       16             [RFC3961]
5                  des-mac-k                     8              [RFC3961]
6                  rsa-md4-des-k                 16             [RFC3961]
7                  rsa-md5                       16             [RFC3961]
8                  rsa-md5-des                   24             [RFC3961]
9                  rsa-md5-des3                  24         
10                 sha1 (unkeyed)                20        
11                 Unassigned
12                 hmac-sha1-des3-kd             20             [RFC3961]
13                 hmac-sha1-des3                20        
14                 sha1 (unkeyed)                20        
15                 hmac-sha1-96-aes128           20             [RFC3962]
16                 hmac-sha1-96-aes256           20             [RFC3962]
17-32770           Unassigned
32771              Reserved                                     [RFC1964]
32772-2147483647   Unassigned


Registry Name: Kerberos TCP Extensions
Reference: [RFC5021]
Range   Registration Procedures            Notes
------  ---------------------------------  --------------------------------------------------
0-29    IESG Approval or Standards Action
30      Reserved                           Standards Action to updates or obsoletes [RFC5021]

Registry:
Value   Description          Reference
------  -------------------  --------
0-29    Unassigned
30      Reserved             [RFC5021]


References
----------
[RFC1964]  J. Linn, "The Kerberos Version 5 GSS-API Mechanism", RFC 1964,  
           June 1996.

[RFC3961]  K. Raeburn, "Encryption and Checksum Specifications for Kerberos 5",
           RFC 3961, February 2005.

[RFC3962]  K. Raeburn, "AES Encryption for Kerberos 5", RFC 3962, 
           February 2005.

[RFC4556]  L. Zhu and B. Tung, "Public Key Cryptography for Initial 
           Authentication in Kerberos (PKINIT)", RFC 4556, June 2006.

[RFC4757]  K. Jaganathan, L. Zhu, J. Brezak, "The RC4-HMAC Kerberos 
           Encryption Types Used by Microsoft Windows", RFC 4757,
           December 2006.

[RFC5021]  S. Josefsson, "Extended Kerberos Version 5 Key Distribution 
           Center (KDC) Exchanges Over TCP", RFC 5021, August 2007.



(created 2004-06-29) 

[]	
