%% You should probably cite rfc8070 instead of this I-D. @techreport{ietf-kitten-pkinit-freshness-07, number = {draft-ietf-kitten-pkinit-freshness-07}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-freshness/07/}, author = {Michiko Short and Seth Moore and Paul Miller}, title = {{Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension}}, pagetotal = 9, year = 2016, month = may, day = 23, abstract = {This document describes how to further extend the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) extension (defined in RFC 4556) to exchange an opaque data blob that a Key Distribution Center (KDC) can validate to ensure that the client is currently in possession of the private key during a PKINIT Authentication Service (AS) exchange.}, }