AES Encryption with HMAC-SHA2 for Kerberos 5

Document Type Replaced Internet-Draft (kitten WG)
Authors Michael Jenkins  , Michael Peck  , Kelley Burgin 
Last updated 2014-04-04 (latest revision 2013-10-01)
Replaced by RFC 8009
Stream IETF
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-kitten-aes-cts-hmac-sha2
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document specifies two encryption types and two corresponding checksum types for Kerberos 5. The new types use AES in CBC mode with plaintext padding for confidentiality and HMAC with a SHA-2 hash for integrity.


Michael Jenkins (
Michael Peck (
Kelley Burgin (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)