Skip to main content

Key Derivation for Kerberos V5

Document Type Expired Internet-Draft (cat WG)
Expired & archived
Author Marc Horowitz
Last updated 1996-11-27
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


In the Kerberos protocol [RFC1510], cryptographic keys are used in a number of places. In order to minimize the effect of compromising a key, it is desirable to use a different key for each of these places. Key derivation [Horowitz96] can be used to construct different keys for each operation from the keys transported on the network. For this to be possible, a small change to the specification is necessary.


Marc Horowitz

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)