Negotiation of Extra Security Context Tokens for Kerberos V5 Generic Security Services Mechanism

Document Type Expired Internet-Draft (individual)
Last updated 2015-05-24 (latest revision 2014-11-20)
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This Internet-Draft proposes an extension to the Kerberos V5 security mechanism for the Generic Security Services Application Programming Interface (GSS-API) for using extra security context tokens in order to recover from certain errors. Other benefits include: user-to-user authentication, authenticated errors, replay cache avoidance, and others.


Nicolás Williams (
Roland Dowdeswell (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)