The IESG has received a request from the Common Authentication Technology Next Generation WG (kitten) to consider the following document: - 'PKINIT Algorithm Agility' <draft-ietf-kitten-pkinit-alg-agility-04.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2019-02-17. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document updates PKINIT, as defined in RFC 4556, to remove protocol structures tied to specific cryptographic algorithms. The PKINIT key derivation function is made negotiable, and the digest algorithms for signing the pre-authentication data and the client's X.509 certificates are made discoverable. These changes provide preemptive protection against vulnerabilities discovered in the future against any specific cryptographic algorithm, and allow incremental deployment of newer algorithms. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-alg-agility/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-alg-agility/ballot/ No IPR declarations have been submitted directly on this I-D.
