Last Call: <draft-ietf-kitten-pkinit-alg-agility-04.txt> (PKINIT Algorithm Agility) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The IESG has received a request from the Common Authentication Technology
Next Generation WG (kitten) to consider the following document: - 'PKINIT
Algorithm Agility'
  <draft-ietf-kitten-pkinit-alg-agility-04.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2019-02-17. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


   This document updates PKINIT, as defined in RFC 4556, to remove
   protocol structures tied to specific cryptographic algorithms.  The
   PKINIT key derivation function is made negotiable, and the digest
   algorithms for signing the pre-authentication data and the client's
   X.509 certificates are made discoverable.

   These changes provide preemptive protection against vulnerabilities
   discovered in the future against any specific cryptographic
   algorithm, and allow incremental deployment of newer algorithms.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-alg-agility/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-alg-agility/ballot/


No IPR declarations have been submitted directly on this I-D.







[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux