UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 8636

Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 July 2019
Status: active
Page Count: 21
scope:

Abstract

This document updates the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) standard (RFC 4556) to remove protocol structures tied to specific cryptographic algorithms. The PKINIT key derivation function is made negotiable, and the digest algorithms for signing the pre-authentication data and the client's X.509 certificates are made discoverable.

These changes provide preemptive protection against vulnerabilities discovered in the future in any specific cryptographic algorithm and allow incremental deployment of newer algorithms.

Document History

IETF RFC 8636
July 1, 2019
Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility
Abstract This document updates the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) standard (RFC 4556) to remove protocol structures tied to specific cryptographic...

References

This document references:
IETF RFC 3961 - Encryption and Checksum Specifications for Kerberos 5
Published by IETF on February 1, 2005
This document describes a framework for defining encryption and checksum mechanisms for use with the Kerberos protocol, defining an abstraction layer between the Kerberos protocol and related...
This document references:
IETF RFC 8062 - Anonymity Support for Kerberos
Published by IETF on February 1, 2017
This document defines extensions to the Kerberos protocol to allow a Kerberos client to securely communicate with a Kerberos application service without revealing its identity, or without revealing...
This document references:
IETF RFC 8070 - Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension
Published by IETF on February 1, 2017
This document describes how to further extend the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) extension (defined in RFC 4556) to exchange an opaque data blob that a Key...
This document references:
ITU-T X.680 - Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation
Published by ITU-T on August 1, 2015
This Recommendation | International Standard provides a standard notation called Abstract Syntax Notation One (ASN.1) that is used for the definition of data types, values, and constraints on data...
This document references:
ITU-T X.690 - Information technology – ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)
Published by ITU-T on August 1, 2015
This Recommendation | International Standard specifies a set of basic encoding rules that may be used to derive the specification of a transfer syntax for values of types defined using the notation...
View Less
View All
Advertisement