Public Key Cryptography for Initial Authentication in Kerberos Freshness Extension
RFC 8070, “Public Key Cryptography for Initial Authentication in Kerberos Freshness Extension”, is a Proposed Standard document published in February 2017 by M. Short, S. Moore, P. Miller. The canonical text is published by the RFC Editor.
Abstract
This document describes how to further extend the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) extension (defined in RFC 4556) to exchange an opaque data blob that a Key Distribution Center (KDC) can validate to ensure that the client is currently in possession of the private key during a PKINIT Authentication Service (AS) exchange.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8070 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 8069 URN Namespace for IEEE
- RFC 8071 NETCONF Call Home and RESTCONF Call Home
- RFC 8068 Session Initiation Protocol Recording Call Flows
- RFC 8072 YANG Patch Media Type
- RFC 8067 Updating When Standards Track Documents May Refer Normatively to Documents at a Lower Level
- RFC 8073 Coordinating Attack Response at Internet Scale Workshop Report
- RFC 8066 IPv6 over Low-Power Wireless Personal Area Network ESC Dispatch Code Points and Guidelines
- RFC 8074 Source Address Validation Improvement for Mixed Address Assignment Methods Scenario