Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension, February 2017
- PROPOSED STANDARD
- M. Short, Ed.
- kitten (sec)
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
This document describes how to further extend the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) extension (defined in RFC 4556) to exchange an opaque data blob that a Key Distribution Center (KDC) can validate to ensure that the client is currently in possession of the private key during a PKINIT Authentication Service (AS) exchange.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.