Kerberos.NET

Implement RFC 8636 to support crypto agility

Open SteveSyfuhs opened this issue 5 years ago • 0 comments

PKINIT is an asymmetric crypto extension for the initial AS-REQ authentication exchange. It's used for smart card (cert-based) authentication. The protocol has some crypto bits that are showing their age, like the hardcoding of SHA-1.

RFC 8636 handles this by exposing some knobs to modify the types of algorithms used.

https://tools.ietf.org/html/rfc8636

https://tools.ietf.org/html/rfc4556

SteveSyfuhs, Jul 30 '20 18:07