Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: The IESG <email@example.com>, firstname.lastname@example.org, Robbie Harwood <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Subject: Protocol Action: 'PKINIT Algorithm Agility' to Proposed Standard (draft-ietf-kitten-pkinit-alg-agility-08.txt)

The IESG has approved the following document:
- 'PKINIT Algorithm Agility'
  (draft-ietf-kitten-pkinit-alg-agility-08.txt) as Proposed Standard

This document is the product of the Common Authentication Technology Next Generation Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-alg-agility/

Technical Summary

This document specifies an updated Public Key Cryptography for Initial Authentication in Kerberos (PKINIT, rfc4556) which is not dependent on SHA-1. In particular, it describes negotiation for Key Derivation Functions, and includes test vectors for these schemes.

This is a Standards Track document since its core goal is to update PKINIT, which is a standard part of Kerberos implementations. Accordingly, it updates rfc4556 (PKINIT), which is Standards Track.

Working Group Summary

This document has been around for quite a long time, originally part of krb-wg before being taken up by kitten in the re-charter. Implementations have existed in both MIT krb5 and Heimdal since 2011 and 2008, respectively. Most shaping review happened under krb-wg, but those contributors are also participants in kitten.

This document received review and/or implementation from a significant number of working group contributors. In an ideal world it would have been published much sooner, but has been repeatedly deprioritized in favor of other work.

Document Quality

There are two independent implementations that interoperate and validate the test vectors.

Personnel

Robbie Harwood is the document shepherd. Benjamin Kaduk is the responsible Area Director.