Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility
RFC 8636

Received changes through RFC Editor sync (created alias RFC 8636, changed title to 'Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility', changed abstract to 'This document updates the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) standard (RFC 4556) to remove protocol structures tied to specific cryptographic algorithms. The PKINIT key derivation function is made negotiable, and the digest algorithms for signing the pre-authentication data and the client's X.509 certificates are made discoverable.

These changes provide preemptive protection against vulnerabilities discovered in the future in any specific cryptographic algorithm and allow incremental deployment of newer algorithms.', changed pages to 21, changed standardization level to Proposed Standard, changed state to RFC, added RFC published event at 2019-07-18, changed IESG state to RFC Published, created updates relation between draft-ietf-kitten-pkinit-alg-agility and RFC 4556)