[krbdev.mit.edu #8648] Implement PKINIT freshness tokens

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8648] Implement PKINIT freshness tokens

Greg Hudson via RT-2
RFC 8070 specifies PKINIT freshness tokens, which (once required)
prevent a client with temporary access to the client certificate key
from composing AS-REQs for future timestamps and passing them off as
valid later.

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs