Key Derivation for Kerberos V5

Document Type Expired Internet-Draft (cat WG)
Author Marc Horowitz 
Last updated 1996-11-27
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
plain text pdf htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


In the Kerberos protocol [RFC1510], cryptographic keys are used in a number of places. In order to minimize the effect of compromising a key, it is desirable to use a different key for each of these places. Key derivation [Horowitz96] can be used to construct different keys for each operation from the keys transported on the network. For this to be possible, a small change to the specification is necessary.


Marc Horowitz (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)