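%% You should probably cite rfc6113 instead of this I-D.
%% This entry describes revision -17 of the draft, which is marked Work in
%% Progress; cite it only when that specific revision is the subject, and check
%% any security-relevant statement taken from it against the RFC text.
%% Only the proper noun in the title is brace-protected, so the bibliography
%% style can apply its own casing; author names use the "Last, First" form.
@techreport{ietf-krb-wg-preauth-framework-17,
  author      = {Hartman, Sam and Zhu, Larry},
  title       = {A Generalized Framework for {Kerberos} Pre-Authentication},
  type        = {Internet-Draft},
  number      = {draft-ietf-krb-wg-preauth-framework-17},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2010,
  month       = jun,
  day         = 22,
  pagetotal   = 48,
  url         = {https://datatracker.ietf.org/doc/draft-ietf-krb-wg-preauth-framework/17/},
  note        = {Work in Progress},
  abstract    = {Kerberos is a protocol for verifying the identity of principals (e.g., a workstation user or a network server) on an open network. The Kerberos protocol provides a facility called pre-authentication. Pre-authentication mechanisms can use this facility to extend the Kerberos protocol and prove the identity of a principal. This document describes a more formal model for this facility. The model describes what state in the Kerberos request a pre-authentication mechanism is likely to change. It also describes how multiple pre-authentication mechanisms used in the same request will interact. This document also provides common tools needed by multiple pre-authentication mechanisms. One of these tools is a secure channel between the client and the key distribution center with a reply key strengthening mechanism; this secure channel can be used to protect the authentication exchange and thus eliminate offline dictionary attacks. With these tools, it is relatively straightforward to chain multiple authentication mechanisms, utilize a different key management system, or support a new key agreement algorithm. {[}STANDARDS-TRACK{]}},
}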