RFC 8070
Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension, February 2017
- File formats:
- Status:
- PROPOSED STANDARD
- Authors:
- M. Short, Ed.
S. Moore
P. Miller - Stream:
- IETF
- Source:
- kitten (sec)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC8070
Discuss this RFC: Send questions or comments to the mailing list kitten@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 8070
Abstract
This document describes how to further extend the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) extension (defined in RFC 4556) to exchange an opaque data blob that a Key Distribution Center (KDC) can validate to ensure that the client is currently in possession of the private key during a PKINIT Authentication Service (AS) exchange.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.