RFC 8009 · INFORMATIONAL · 2016
SUN · 14 JUN 2026
AES Encryption with HMAC-SHA2 for Kerberos 5
Overview
RFC 8009, “AES Encryption with HMAC-SHA2 for Kerberos 5”, is an Informational document published in October 2016 by M. Jenkins, M. Peck, K. Burgin. The canonical text is published by the RFC Editor.
Abstract
This document specifies two encryption types and two corresponding checksum types for Kerberos 5. The new types use AES in CTS mode (CBC mode with ciphertext stealing) for confidentiality and HMAC with a SHA-2 hash for integrity.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
Read this RFC
The canonical text of RFC 8009 is hosted at rfc-editor.org. Available in TXT,HTML.
Other RFCs from 2016
- RFC 8008 Content Delivery Network Interconnection Request Routing: Footprint and Capabilities Semantics
- RFC 8007 Content Delivery Network Interconnection Control Interface / Triggers
- RFC 8006 Content Delivery Network Interconnection Metadata
- RFC 8012 Label Switched Path and Pseudowire Ping/Trace over MPLS Networks Using Entropy Labels
- RFC 8005 Host Identity Protocol Domain Name System Extension
- RFC 8004 Host Identity Protocol Rendezvous Extension
- RFC 8014 An Architecture for Data-Center Network Virtualization over Layer 3
- RFC 8003 Host Identity Protocol Registration Extension