elliptic curve pkinit?

Rick van Rein rick at openfortress.nl
Mon Apr 3 08:36:18 EDT 2017


> Has MIT kerberos implemented pkinit with elliptic curve certs/keys?  Some initial searching points me to an informational ietf RFC posted out there, but nothing official.

FWIW, in the ARPA2 project we're working on Realm Crossover (based on
DANE/DNSSEC) which uses ECDHE.  The protocol is almost compatible with
PKINIT, but not quite on account of a technicality (no tickets in the
reply).  The work leaves openings for client-to-KDC access, but doesn't
fill them in.


A glimpse at upcoming software (and the earlier PoC) are on


More information about the Kerberos mailing list