A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Kerberos V5 Reply Keys From TLS
Author(s) : S. Josefsson
Filename : draft-josefsson-krb5starttls-bootstrap-01.txt
Pages : 13
Date : 2009-03-02
This document describes how the Kerberos V5 over TLS protocol
together with a users' long term shared secret can be used to 1)
allow clients to securely learn a realm's KDC X.509 certificate, 2)
distribute the X.509 trust anchors used by the KDC, and 3) make it
possible for clients to use Kerberos V5 over TLS without having to
validate the server certificates.
We also describe how the Kerberos V5 over TLS protocol can be used to
4) avoid the need for a long term shared key between the user and the
KDC by instead using TLS user authentication.
This goals are achieved by introducing two new Kerberos V5 pre-
authentication mechanisms that modify how the Kerberos V5 reply key
is derived.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-josefsson-krb5starttls-bootstrap-01.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-josefsson-krb5starttls-bootstrap-01.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
