I-D Action:draft-ietf-krb-wg-pkinit-alg-agility-04.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Kerberos Working Group of the IETF.


	Title           : PK-INIT algorithm agility
	Author(s)       : L. Astrand, L. Zhu
	Filename        : draft-ietf-krb-wg-pkinit-alg-agility-04.txt
	Pages           : 24
	Date            : 2008-08-05

The PK-INIT defined in RFC 4556 is examined and updated to remove
protocol structures tied to specific cryptographic algorithms.  The
affinity to SHA-1 as the checksum algorithm in the authentication
request is analyzed.  The PK-INIT key derivation function is made
negotiable, and the digest algorithms for signing the pre-authentication
data and the client's X.509 certificates are made discoverable.

These changes provide protection preemptively against vulnerabilities
discovered in the future against any specific cryptographic
algorithm, and allow incremental deployment of newer algorithms.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-pkinit-alg-agility-04.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-ietf-krb-wg-pkinit-alg-agility-04.txt>
_______________________________________________

I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
