%% You should probably cite rfc8070 instead of this I-D. @techreport{ietf-kitten-pkinit-freshness-05, number = {draft-ietf-kitten-pkinit-freshness-05}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-freshness/05/}, author = {Michiko Short and Seth Moore and Paul Miller}, title = {{Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension}}, pagetotal = 8, year = 2016, month = mar, day = 21, abstract = {This document describes how to further extend the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) extension {[}RFC4556{]} to exchange an opaque data blob that a KDC can validate to ensure that the client is currently in possession of the private key during a PKINIT AS exchange.}, }