RFC 4537: Kerberos Cryptosystem Negotiation Extensi...

1. Introduction


   Under the current mechanism [RFC4120], the Kerberos Distribution
   Center (KDC) must limit the ticket session key encryption type
   (enctype) chosen for a given server to one it believes is supported
   by both the client and the server.  If both the client and server
   understand a stronger enctype than the one selected by the KDC, they
   cannot negotiate it.  As a result, the protection of application
   traffic is often weaker than necessary when the server can support
   different sets of enctypes depending on the server application
   software being used.

   This document specifies an extension to the Kerberos protocol to
   allow clients and servers to negotiate use of a different and
   possibly stronger cryptosystem in subsequent communication.

   This extension utilizes an authorization data element in the
   authenticator of the AP-REQ message [RFC4120].  The client sends the
   list of enctypes that it supports to the server; the server then
   informs the client of its choice.  The negotiated subkey is sent in
   the AP-REP message [RFC4120].
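
   The exchange described above, modelled in Python as an added example
   that is not part of the RFC text.  The server's selection rule, the
   sample preference lists, and os.urandom standing in for real key
   generation are assumptions; the enctype numbers are the IANA values.

```python
import os
from dataclasses import dataclass

# IANA Kerberos enctype numbers -> (name, key length in bytes).
ETYPES = {18: ("aes256-cts-hmac-sha1-96", 32),
          17: ("aes128-cts-hmac-sha1-96", 16),
          23: ("rc4-hmac", 16)}

@dataclass
class ApReq:
    ticket_session_etype: int  # enctype the KDC chose for the ticket session key
    etype_list: list           # client's enctypes, most preferred first,
                               # carried as authorization data in the authenticator

@dataclass
class ApRep:
    subkey_etype: int          # the server's choice
    subkey: bytes              # negotiated subkey returned to the client

def client_build_ap_req(ticket_etype, client_prefs):
    return ApReq(ticket_etype, list(client_prefs))

def server_choose(req, server_supported):
    # Assumed rule: first client-preferred enctype the server also supports,
    # otherwise stay on the enctype of the ticket session key.
    for etype in req.etype_list:
        if etype in server_supported:
            return etype
    return req.ticket_session_etype

def server_build_ap_rep(req, server_supported):
    etype = server_choose(req, server_supported)
    # os.urandom is a stand-in (assumption) for the enctype's key generation.
    return ApRep(etype, os.urandom(ETYPES[etype][1]))

def client_accept(req, rep):
    # Reject a subkey whose enctype the client never offered, or whose
    # length does not match that enctype.
    offered = set(req.etype_list) | {req.ticket_session_etype}
    return (rep.subkey_etype in offered
            and len(rep.subkey) == ETYPES[rep.subkey_etype][1])

if __name__ == "__main__":
    # Constructed scenario: the KDC picked rc4-hmac, both peers know AES-256.
    req = client_build_ap_req(23, [18, 17, 23])
    rep = server_build_ap_rep(req, {18, 23})
    print(ETYPES[rep.subkey_etype][0], client_accept(req, rep))
```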


