client
... encryption type
(enctype) chosen for a given server to one it believes is supported
by both the client and the server. If both the client and server
understand a stronger enctype than the one selected by the KDC, they
...
... This document specifies an extension to the Kerberos protocol to
allow clients and servers to negotiate use of a different and
possibly stronger cryptosystem in subsequent communication.
...
... authenticator of the AP-REQ message [RFC4120]. The client sends the
list of enctypes that it supports to the server; the server then
informs the client of its choice. The negotiated subkey is sent in
the AP-REP message ...
... session key, then it SHOULD send a list of enctypes in decreasing
preference order to the server. Based on local policy, the client
selects enctypes out of all the enctypes available locally to be
included in this list, and it SHOULD NOT include enctypes that are
...
... session key in the service
ticket. In addition, the client SHOULD NOT include negative (local-
use) enctype numbers unless it knows a priori that the server has
been configured to use the same negative enctype numbers for the same
...
...
EtypeList ::= SEQUENCE OF Int32
-- Specifies the enctypes supported by the client.
-- This enctype list is in decreasing preference order
-- (favorite choice first).
...
...
If the EtypeList is present and the server prefers an enctype from
the client's enctype list over that of the AP-REQ authenticator
...
... If the enctype of the ticket session key is included in the enctype
list sent by the client, it SHOULD be the last on the list;
otherwise, this enctype MUST NOT be negotiated if it was not included
in the list.
...
...
This negotiation extension SHOULD NOT be used when the client does
not expect the subkey in the AP-REP message ...
... KDC has a strong Pseudo-Random Number
Generator (PRNG); as such, the client can take advantage of the
randomness provided by the KDC by reusing the KDC ...
... entropy.
The server MAY ignore the preference order indicated by the client.
The policy by which the client or the server chooses an enctype
(i.e., how the preference order for the supported enctypes is
selected) is a local matter.
...
...
The client's enctype list and the server's reply enctype are part of
encrypted data; thus, the security considerations ...
