A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Deriving Keys From TLS for Kerberos V5
Author(s) : S. Josefsson
Filename : draft-josefsson-krb5starttls-bootstrap-02.txt
Pages : 9
Date : 2009-03-06
This document describes how clients can use the Kerberos V5 over TLS
protocol together with its long term key to 1) avoid having to
validate the server certificate, 2) securely learn a KDC's server
certificate, and 3) learn the trust anchors used by the KDC.
We also describe how the Kerberos V5 over TLS protocol can be used to
4) avoid the need for a long term shared key between the client and
the KDC by instead using TLS client authentication.
These goals are achieved by introducing a new Kerberos V5 pre-
authentication type that modify how the Kerberos V5 reply key is
derived.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-josefsson-krb5starttls-bootstrap-02.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-josefsson-krb5starttls-bootstrap-02.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
