RFC 8636, "Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility", July 2019

Errata ID: 8638
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Nico Williams
Date Reported: 2025-11-16
Verifier Name: Paul Wouters
Date Verified: 2025-11-17

Section 8.1 says:

ticket: Length =  55 bytes, Hex Representation =
61353033 A0030201 05A1071B 0553552E 5345A210 300EA003 020101A1 0730051B
036C6861 A311300F A0030201 12A20804 0668656A 68656A

It should say:

<no new text>

Notes:

This RFC was published based on draft-ietf-kitten-pkinit-alg-agility, which replaced draft-ietf-krb-wg-pkinit-alg-agility. Versions of draft-ietf-krb-wg-pkinit-alg-agility through -04, inclusive, had a field in the OtherInfo type called 'ticket', and this is why the test vectors in section 8 still refer to 'ticket': it used to be an input to the KDF in an old version of the draft, but later it was dropped. When the 'ticket' field of the OtherInfo type was dropped an oversight caused the 'ticket' input in section 8 not to also be dropped.

Report New Errata