Technical Summary
This document specifies an extension to the Kerberos protocol where
the client can send a list of supported encryption types in
decreasing preference order, and the server then selects an
encryption type that is supported by both the client and the
server. This extension is useful in cases where the client and server
support an encryption type that the KDC does not support; existing
mechanisms handle the case where the KDC supports the encryption type.
Working Group Summary
This document represents the consensus of the Kerberos Working Group.
Protocol Quality
At least one implementor has implemented this specification. This
document was reviewed for the IESG by Jeffrey Hutzelman and Sam
Hartman.
Note to RFC Editor
Please make the following changes:
In the Abstract:
OLD:
This document specifies an extension to the Kerberos protocol where
the client can send a list of supported encryption types in
decreasing preference order, and the server then selects an
encryption type that is supported by both the client and the server.
NEW:
This document specifies an extension to the Kerberos protocol as
defined in RFC4120, in which the client can send a list of supported
encryption types in decreasing preference order, and the server
then selects an encryption type that is supported by both the
client and the server.
At the beginning of section 1:
OLD:
Under the current mechanism [RFC4120], the KDC must limit the ticket
session key encryption type (enctype) chosen for a given server to
one it believes is supported by both the client and the server.
NEW:
Under the current mechanism [RFC4120], the Kerberos Key Distribution
Center (KDC) must limit the ticket session key encryption type
(enctype) chosen for a given server to one it believes is supported
by both the client and the server.