{"draft":"draft-ietf-kitten-pkinit-freshness-07","doc_id":"RFC8070","title":"Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension","authors":["M. Short, Ed.","S. Moore","P. Miller"],"format":["ASCII","HTML"],"page_count":"9","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Common Authentication Technology Next Generation","abstract":"This document describes how to further extend the Public Key\r\nCryptography for Initial Authentication in Kerberos (PKINIT)\r\nextension (defined in RFC 4556) to exchange an opaque data blob that\r\na Key Distribution Center (KDC) can validate to ensure that the\r\nclient is currently in possession of the private key during a PKINIT\r\nAuthentication Service (AS) exchange.","pub_date":"February 2017","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8070","errata_url":null}