PKINIT Algorithm Agility
2012
This document updates PKINIT, as defined in RFC 4556, to remove
protocol structures tied to specific cryptographic algorithms. The
PKINIT key derivation function is made negotiable, the digest
algorithms for signing the pre-authentication data and the client's
X.509 certificates are made discoverable. These changes provide
preemptive protection against vulnerabilities discovered in the future
against any specific cryptographic algorithm, and allow incremental
deployment of newer algorithms.
Keywords:
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
0
References
2
Citations
NaN
KQI