elliptic curve pkinit?

Bob McElrath bob at vidaidentity.com
Mon Apr 3 11:24:01 EDT 2017

We are using MIT Kerberos with PKINIT using certificates using the secp256k1 curve.  It works fine.  I believe the certificates can be signed with any elliptic curve that openssl knows how to verify.

Internally the MIT implementation uses ephemeral Diffie-Hellman on RSA.  Perhaps that is what Greg meant with his "no" answer?
From: kerberos-bounces at mit.edu <kerberos-bounces at mit.edu> on behalf of Rick van Rein <rick at openfortress.nl>
Sent: Monday, April 3, 2017 8:36 AM
To: krb at pallissard.net
Cc: kerberos at mit.edu
Subject: Re: elliptic curve pkinit?


> Has MIT kerberos implemented pkinit with elliptic curve certs/keys?  Some initial searching points me to an informational ietf RFC posted out there, but nothing official.

FWIW, in the ARPA2 project we're working on Realm Crossover (based on
DANE/DNSSEC) which uses ECDHE.  The protocol is almost compatible with
PKINIT, but not quite on account of a technicality (no tickets in the
reply).  The work leaves openings for client-to-KDC access, but doesn't
fill them in.


A glimpse at upcoming software (and the earlier PoC) are on

Kerberos mailing list           Kerberos at mit.edu

More information about the Kerberos mailing list