supportedKDFs in AuthPack not defined in RFC4556

Li, Jiajia at
Fri Dec 25 01:30:46 EST 2015

Hi all,

In mit source code k5-int-pkinit.h:
/** AuthPack from RFC 4556*/
typedef struct _krb5_auth_pack {
    krb5_pk_authenticator       pkAuthenticator;
    krb5_subject_pk_info        *clientPublicValue; /* Optional */
    krb5_algorithm_identifier   **supportedCMSTypes; /* Optional */
    krb5_data                   clientDHNonce; /* Optional */
    krb5_data                   **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
} krb5_auth_pack;

It looks like MIT implementation is not sync with the RFC4556. Anybody know why?


More information about the krbdev mailing list