Network Working Group                                             L. Zhu
Request for Comments: 4556                         Microsoft Corporation
Category: Standards Track                                        B. Tung
                                                   Aerospace Corporation
                                                               June 2006
Public Key Cryptography for
Initial Authentication in Kerberos (PKINIT)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This document describes protocol extensions (hereafter called PKINIT)
to the Kerberos protocol specification. These extensions provide a
method for integrating public key cryptography into the initial
authentication exchange, by using asymmetric-key signature and/or
encryption algorithms in pre-authentication data fields.
Table of Contents
1. Introduction
2. Conventions Used in This Document
3. Extensions
3.1. Definitions, Requirements, and Constants
3.1.1. Required Algorithms
3.1.2. Recommended Algorithms
3.1.3. Defined Message and Encryption Types
3.1.4. Kerberos Encryption Types Defined for CMS Algorithm Identifiers
3.2. PKINIT Pre-authentication Syntax and Use
3.2.1. Generation of Client Request
3.2.2. Receipt of Client Request
3.2.3. Generation of KDC Reply
3.2.3.1. Using Diffie-Hellman Key Exchange
3.2.3.2. Using Public Key Encryption
3.2.4. Receipt of KDC Reply
3.3. Interoperability Requirements
3.4. KDC Indication of PKINIT Support
4. Security Considerations
5. Acknowledgements
6. References
6.1. Normative References
6.2. Informative References
Appendix A. PKINIT ASN.1 Module
Appendix B. Test Vectors
Appendix C. Miscellaneous Information about Microsoft Windows PKINIT Implementations
1. Introduction
The Kerberos V5 protocol [RFC4120] involves use of a trusted third
party known as the Key Distribution Center (KDC) to negotiate shared
session keys between clients and services and provide mutual
authentication between them.
The corner-stones of Kerberos V5 are the Ticket and the
Authenticator. A Ticket encapsulates a symmetric key (the ticket
session key) in an envelope (a public message) intended for a
specific service. The contents of the Ticket are encrypted with a
symmetric key shared between the service principal and the issuing
KDC. The encrypted part of the Ticket contains the client principal
name, among other items. An Authenticator is a record that can be
shown to have been recently generated using the ticket session key in
the associated Ticket. The ticket session key is known by the client
who requested the ticket. The contents of the Authenticator are
encrypted with the associated ticket session key. The encrypted part
of an Authenticator contains a timestamp and the client principal
name, among other items.
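The following sketch is an added illustration, not part of the RFC text: it models the Ticket and Authenticator relationship described above and the checks a service applies when it receives both. The function names, the JSON field layout, the 300-second freshness window, and the toy encrypt-then-MAC construction are assumptions made for the example; real Kerberos uses the encryption types and ASN.1 structures of [RFC4120].

```python
import hashlib, hmac, json, os

MAX_SKEW = 300  # seconds an Authenticator counts as "recent" (assumed value)

def _subkeys(key):
    # Separate encryption and integrity keys derived from one shared key.
    return [hashlib.sha256(label + key).digest() for label in (b"enc", b"mac")]

def _xor_stream(key, nonce, data):
    pad = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key, fields):
    # Toy encrypt-then-MAC, a stand-in for a real Kerberos encryption type.
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, json.dumps(fields).encode())
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(_xor_stream(enc, nonce, ct))

def kdc_issue_ticket(service_key, cname):
    # The Ticket is readable only by the service; the client gets the session key
    # separately (in real Kerberos, inside the encrypted part of the KDC reply).
    session_key = os.urandom(32)
    return seal(service_key, {"cname": cname, "key": session_key.hex()}), session_key

def make_authenticator(session_key, cname, now):
    return seal(session_key, {"cname": cname, "ctime": now})

def service_accept(service_key, ticket, authenticator, now):
    t = unseal(service_key, ticket)                     # only the KDC and service hold this key
    a = unseal(bytes.fromhex(t["key"]), authenticator)  # sender holds the ticket session key
    if a["cname"] != t["cname"]:
        raise ValueError("client name mismatch")
    if abs(now - a["ctime"]) > MAX_SKEW:
        raise ValueError("authenticator not recent")
    return t["cname"]
```

The service never contacts the KDC here: possession of the long-term service key is enough to recover the session key from the Ticket and then validate the Authenticator.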
As shown in Figure 1, below, the Kerberos V5 protocol consists of the
following message exchanges between the client and the KDC, and the
client and the application service:
- The Authentication Service (AS) Exchange
The client obtains an "initial" ticket from the Kerberos
authentication server (AS), typically a Ticket Granting Ticket