UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

close
Already an Engineering360 user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your Engineering360 Experience

close
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 8636

Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 July 2019
Status: active
Page Count: 21
scope:

Abstract

This document updates the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) standard (RFC 4556) to remove protocol structures tied to specific cryptographic algorithms. The PKINIT key derivation function is made negotiable, and the digest algorithms for signing the pre-authentication data and the client's X.509 certificates are made discoverable.

These changes provide preemptive protection against vulnerabilities discovered in the future in any specific cryptographic algorithm and allow incremental deployment of newer algorithms.

Document History

IETF RFC 8636
July 1, 2019
Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility
Abstract This document updates the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) standard (RFC 4556) to remove protocol structures tied to specific cryptographic...

References

Advertisement