@misc{rfc8070,
    series =    {Request for Comments},
    number =    8070,
    howpublished =  {RFC 8070},
    publisher = {RFC Editor},
    doi =       {10.17487/RFC8070},
    url =       {https://www.rfc-editor.org/info/rfc8070},
    author =    {Michiko Short and Seth Moore and Paul Miller},
    title =     {{Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Freshness Extension}},
    pagetotal = 9,
    year =      2017,
    month =     feb,
    abstract =  {This document describes how to further extend the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) extension (defined in RFC 4556) to exchange an opaque data blob that a Key Distribution Center (KDC) can validate to ensure that the client is currently in possession of the private key during a PKINIT Authentication Service (AS) exchange.},
}