Online Certificate Status Protocol Support for Public Key Cryptography for Initial Authentication in Kerberos
RFC 4557, “Online Certificate Status Protocol Support for Public Key Cryptography for Initial Authentication in Kerberos”, is a Proposed Standard document published in June 2006 by L. Zhu, K. Jaganathan, N. Williams. The canonical text is published by the RFC Editor.
Abstract
This document defines a mechanism to enable in-band transmission of Online Certificate Status Protocol (OCSP) responses in the Kerberos network authentication protocol. These responses are used to verify the validity of the certificates used in Public Key Cryptography for Initial Authentication in Kerberos (PKINIT), which is the Kerberos Version 5 extension that provides for the use of public key cryptography. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 4557 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 4556 Public Key Cryptography for Initial Authentication in Kerberos
- RFC 4558 Node-ID Based Resource Reservation Protocol Hello: A Clarification Statement
- RFC 4555 IKEv2 Mobility and Multihoming Protocol
- RFC 4559 SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows
- RFC 4554 Use of VLANs for IPv4-IPv6 Coexistence in Enterprise Networks
- RFC 4560 Definitions of Managed Objects for Remote Ping, Traceroute, and Lookup Operations
- RFC 4553 Structure-Agnostic Time Division Multiplexing over Packet
- RFC 4561 Definition of a Record Route Object Node-Id Sub-Object