This is an OPS-DIR review of draft-ietf-kitten-aes-cts-hmac-sha2-10. This ID describes additional encryption and checksum types for Kerberos 5  as well as a change in design that lowers the computing cost to verify  the integrity of a received message. The updates use NIST defined standards. I did not check the crypto or security logic - I figure that any ID coming  from the Security Area that has gone through 10 versions is going to  be rather solid in those areas. :-) I did not find any operational concerns with the ID. Scott