RFC 8636: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility

RFC 8636: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility2019 RFC

July 2019

Publisher:

RFC Editor
United States

DOI:https://doi.org/10.17487/RFC8636

Published:01 July 2019

RFC Status

Updates:

RFC 4556: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)

PDF eReader

Bibliometrics

Abstract

This document updates the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) standard (RFC 4556) to remove protocol structures tied to specific cryptographic algorithms. The PKINIT key derivation function is made negotiable, and the digest algorithms for signing the pre-authentication data and the client's X.509 certificates are made discoverable.

These changes provide preemptive protection against vulnerabilities discovered in the future in any specific cryptographic algorithm and allow incremental deployment of newer algorithms.

Contributors

L Hornquist Astrand
- Publication Years2010 - 2019
- Publication counts4
- Citation count0
- Available for Download4
- Downloads (cumulative)75
- Downloads (12 months)59
- Downloads (6 weeks)14
- Average Downloads per Article19
- Average Citation per Article0
View Full Profile
L Zhu
- Publication Years2019 - 2019
- Publication counts1
- Citation count0
- Available for Download1
- Downloads (cumulative)21
- Downloads (12 months)18
- Downloads (6 weeks)5
- Average Downloads per Article21
- Average Citation per Article0
View Full Profile
M Cullen
- Publication Years2019 - 2019
- Publication counts1
- Citation count0
- Available for Download1
- Downloads (cumulative)21
- Downloads (12 months)18
- Downloads (6 weeks)5
- Average Downloads per Article21
- Average Citation per Article0
View Full Profile
G Hudson
- Publication Years2012 - 2024
- Publication counts3
- Citation count0
- Available for Download3
- Downloads (cumulative)49
- Downloads (12 months)38
- Downloads (6 weeks)11
- Average Downloads per Article16
- Average Citation per Article0
View Full Profile

Index Terms

RFC 8636: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Index terms have been assigned to the content through auto-classification.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Recommendations

Public-Key Cryptography Enabled Kerberos Authentication
DESE '11: Proceedings of the 2011 Developments in E-systems Engineering

Kerberos is a trusted third party authentication protocol based on symmetric key cryptography. This paper studies how Kerberos authentication standard can be extended to support public key cryptography. The paper aims to do this by implementing the most ...
RFC 4556: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
RFC 8070: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension

Browse RFC

Sections

Index Terms

Public-Key Cryptography Enabled Kerberos Authentication

RFC 4556: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)

RFC 8070: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension

Save to Binder

Sections

Save to Binder

Index Terms

Recommendations

Public-Key Cryptography Enabled Kerberos Authentication

RFC 4556: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)

RFC 8070: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension