[MS-KILE]: Kerberos Protocol Extensions

This topic lists Errata found in [MS-KILE] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to this RSS feed to receive update notifications.

Errata are subject to the same terms as the Open Specifications documentation referenced.


To view a PDF file of the errata for the previous versions of this document, see the following ERRATA Archives:

October 16, 2015 - Download

June 30, 2015 - Download

July 18, 2016 - Download

March 4, 2020 - Download

August 24, 2020 - Download

April 7, 2021 - Download

April 29, 2022 - Download

December 1, 2022 - Download

Errata below are for Protocol Document Version V40.0 – 2022/12/01.

Errata Published*

Description

2023/04/11

In Section 3.1.5.2 Encryption Types: Added that all other encryption types, i.e. those not listed, SHOULD be rejected. In product note 24 and the new product note 25, added CVE references with product applicability.

Changed from:

KILE MUST<23> support the Advanced Encryption Standard (AES) encryption types:

•  AES256-CTS-HMAC-SHA1-96 [18] ([RFC3962] section 7)

•  AES128-CTS-HMAC-SHA1-96 [17] ([RFC3962] section 7)

and SHOULD<24> support the following encryption types, which are listed in order of relative strength:

•  RC4-HMAC [23] [RFC4757]

•  DES-CBC-MD5 [3] [RFC3961]

•  DES-CBC-CRC [1] [RFC3961]

Kerberos V5 encryption type assigned numbers are specified in [RFC3961] section 8, [RFC4757] section 5, and [RFC3962] section 7.<25>

<24> Section 3.1.5.2: In Windows 2000 and Windows Server 2003, KDCs select the encryption type based on the preference order in the client request. Otherwise, KDCs select the encryption type used for pre-authentication or, when pre-authentication is not used, the encryption type is based on the preference order in the client request.

RC4-HMAC is supported in Windows.

Only Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 support DES by default.

Changed to:

KILE MUST<23> support the Advanced Encryption Standard (AES) encryption types:

•  AES256-CTS-HMAC-SHA1-96 [18] ([RFC3962] section 7)

•  AES128-CTS-HMAC-SHA1-96 [17] ([RFC3962] section 7)

and SHOULD<24> support the following encryption types, which are listed in order of relative strength:

•  RC4-HMAC [23] [RFC4757]

•  DES-CBC-MD5 [3] [RFC3961]

•  DES-CBC-CRC [1] [RFC3961]

All other Encryption Types SHOULD<25> be rejected. Kerberos V5 encryption type assigned numbers are specified in [RFC3961] section 8, [RFC4757] section 5, and [RFC3962] section 7.<26>

<24> Section 3.1.5.2: In Windows 2000 and Windows Server 2003, KDCs select the encryption type based on the preference order in the client request. Otherwise, KDCs select the encryption type used for pre-authentication or, when pre-authentication is not used, the encryption type is based on the preference order in the client request.

Only Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 support DES by default.

RC4-HMAC is supported in Windows. For more information on RC4 and encryption type updates, see Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability security update November 2022 [MSFT-CVE-2022-37966] and Windows Kerberos Elevation of Privilege Vulnerability security update November 2022 [MSFT-CVE-2022-37967]. These updates apply to Windows Server 2008 SP2 and later.

<25> Section 3.1.5.2: For more information, see Windows Kerberos Elevation of Privilege Vulnerability security updates September 2022 [MSFT-CVE-2022-33647] and [MSFT-CVE-2022-33679]. These updates apply to Windows Server 2008 SP2 and later.

2023/03/06

Section 5.1 Security Considerations for Implementers: Added a statement recommending strong encryption types over weak ones.

Changed from:

5.1 Security Considerations for Implementers

KILE has the same security considerations as Kerberos V5 ([RFC4120], [RFC3961], [RFC3962], and [RFC4757]) and GSS-API ([RFC2743], [RFC1964], and [RFC4121]).

Changed to:

5.1 Security Considerations for Implementers

KILE has the same security considerations as Kerberos V5 ([RFC4120], [RFC3961], [RFC3962], and [RFC4757]) and GSS-API ([RFC2743], [RFC1964], and [RFC4121]).

Using the encryption types AES128-CTS-HMAC-SHA1-96 or AES256-CTS-HMAC-SHA1-96, and additionally AES256-CTS-HMAC-SHA1-96-SK if RC4 encryption types are selected, is recommended. Setting RC4/DES only is weak and not recommended. For more information see section 2.2.7.

2023/03/06

Section 2.2.7 Supported Encryption Types Bit Flags: Added a note recommending strong encryption types over weak ones.

Changed from:

AES256-CTS-HMAC-SHA1-96-SK: Enforce AES session keys when legacy ciphers are in use. When the bit is set, this indicates to the KDC that all cases where RC4 session keys can be used will be superseded with AES keys.

All other bits MUST be set to zero when sent and MUST be ignored when they are received.

Changed to:

AES256-CTS-HMAC-SHA1-96-SK: Enforce AES session keys when legacy ciphers are in use. When the bit is set, this indicates to the KDC that all cases where RC4 session keys can be used will be superseded with AES keys.

Note: Using the encryption types AES128-CTS-HMAC-SHA1-96 or AES256-CTS-HMAC-SHA1-96, and additionally AES256-CTS-HMAC-SHA1-96-SK if RC4 encryption types are selected, is recommended. Setting RC4/DES only is weak and not recommended.

All other bits MUST be set to zero when sent and MUST be ignored when they are received.
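As an added example (not text from [MS-KILE] and not Microsoft's code), the following Python models the KDC-side selection rules quoted above from section 3.1.5.2 together with the AES256-CTS-HMAC-SHA1-96-SK bit and the strong-vs-weak recommendation from sections 2.2.7 and 5.1. The etype numbers are the ones quoted on this page; the bit values of the Supported Encryption Types flags and the choice of AES256 as the replacement session key are assumptions to be checked against the specification.

```python
# Added example, not text from [MS-KILE]: a model of KDC-side encryption type
# selection (section 3.1.5.2), the AES256-CTS-HMAC-SHA1-96-SK rule (2.2.7),
# and the "RC4/DES only is weak" recommendation (2.2.7 / 5.1).
from typing import List, Optional, Tuple

# Etype numbers as quoted in section 3.1.5.2 ([RFC3961] s.8, [RFC3962] s.7, [RFC4757] s.5).
AES256 = 18   # AES256-CTS-HMAC-SHA1-96
AES128 = 17   # AES128-CTS-HMAC-SHA1-96
RC4 = 23      # RC4-HMAC
DES_MD5 = 3   # DES-CBC-MD5
DES_CRC = 1   # DES-CBC-CRC

# Supported Encryption Types bit flags (section 2.2.7). The bit values below are
# an assumption of this example and must be verified against the spec's table.
FLAGS = {DES_CRC: 0x01, DES_MD5: 0x02, RC4: 0x04, AES128: 0x08, AES256: 0x10}
AES256_SK = 0x20                      # AES256-CTS-HMAC-SHA1-96-SK
STRONG = FLAGS[AES128] | FLAGS[AES256]


def is_weak_config(supported: int) -> bool:
    """True when only RC4/DES bits are set: the 'weak and not recommended' case."""
    return supported != 0 and supported & STRONG == 0


def select_etypes(client_etypes: List[int], supported: int,
                  preauth_etype: Optional[int] = None) -> Optional[Tuple[int, int]]:
    """Return (ticket_etype, session_key_etype), or None if nothing is acceptable.

    - Etypes not in KILE's list are rejected (dropped), per the 2023/04/11 erratum.
    - The etype used for pre-authentication wins when acceptable; otherwise the
      first acceptable etype in the client's own preference order is chosen.
    - If the result is RC4 and the AES256-SK bit is set, the RC4 session key is
      superseded by an AES key (assumed here to be AES256).
    """
    acceptable = [e for e in client_etypes if e in FLAGS and supported & FLAGS[e]]
    if not acceptable:
        return None
    ticket = preauth_etype if preauth_etype in acceptable else acceptable[0]
    session = AES256 if (ticket == RC4 and supported & AES256_SK) else ticket
    return ticket, session
```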

*Date format: YYYY/MM/DD