RFC 9588
Kerberos Simple Password-Authenticated Key Exchange (SPAKE) Pre-authentication, August 2024
- File formats:
- Also available: XML file for editing
- Status:
- PROPOSED STANDARD
- Authors:
- N. McCallum
S. Sorce
R. Harwood
G. Hudson - Stream:
- IETF
- Source:
- kitten (sec)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC9588
Discuss this RFC: Send questions or comments to the mailing list kitten@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 9588
Abstract
This document defines a new pre-authentication mechanism for the Kerberos protocol. The mechanism uses a password-authenticated key exchange (PAKE) to prevent brute-force password attacks, and it may incorporate a second factor.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.