Using PKINIT with ECC

Ken Hornstein kenh at cmf.nrl.navy.mil
Fri Jan 26 09:01:40 EST 2024


>It's good to know the reason why MIT Kerberos cannot handle EC
>certificates right now.

I think it's important to be specific here; the issue is specifically
a PKCS#11 token; Greg has already said that a software ECC certificate & key
work fine.

>So is there a way to submit a feature request for ECDSA support in MIT
>Kerberos?

I have no inner view to the priorities of the MIT development team, so
I can't answer that.  I can say I personally have had success by submitting
pull requests to their GitHub page, which I suppose is a roundabout way
of saying that the best way to make this happen is to do it yourself.

I imagine at some time we will be transitioning to ECDSA certificates,
so if no one has implemented support by then I will probably do it.
However, it sounds like you need this more urgently than I, so I would
not suggest waiting for me.

--Ken

