%% You should probably cite rfc8070 instead of this I-D. @techreport{ietf-kitten-pkinit-freshness-02, number = {draft-ietf-kitten-pkinit-freshness-02}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-freshness/02/}, author = {Michiko Short and Seth Moore and Paul Miller}, title = {{Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension}}, pagetotal = 8, year = 2015, month = dec, day = 11, abstract = {This document describes how to further extend the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) extension {[}RFC4556{]} to exchange an opaque data blob that a KDC can validate to ensure that the client is currently in possession of the private key during a PKINIT AS exchange.}, }