Last Sunday I updated the draft Kerberos ticket extensions to version -02.
Ticket extentions are to enable PK-CROSS and other applications that want to send clear text data in the ticket between the KDC and the server.
The update included and extension to the Kerberos protocol, a much cleaner extention protocol wise, at the same time it requires update clients. The reason I did both was the comment from Ken Raeburn that though the new protocol was horrible (which it is) and Kerberos should stay pretty, so I made the protocol stay pretty.
There is still the issue with protection, may I just should just give up making it truly extensionally and just include a checksum using the same key as the Ticket.enc-data is encrypted with.