[krbdev.mit.edu #8648] Implement PKINIT freshness tokens

Greg Hudson via RT rt-comment at KRBDEV-PROD-APP-1.mit.edu
Mon Mar 12 11:21:03 EDT 2018

Previous message: [krbdev.mit.edu #8646] git commit
Next message: [krbdev.mit.edu #6555] k5_pac_validate_client()
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RFC 8070 specifies PKINIT freshness tokens, which (once required) 
prevent a client with temporary access to the client certificate key 
from composing AS-REQs for future timestamps and passing them off as 
valid later.

Previous message: [krbdev.mit.edu #8646] git commit
Next message: [krbdev.mit.edu #6555] k5_pac_validate_client()
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the krb5-bugs mailing list