We are using MIT Kerberos with PKINIT using certificates using the secp256k1 curve. It works fine. I believe the certificates can be signed with any elliptic curve that openssl knows how to verify.
Internally the MIT implementation uses ephemeral Diffie-Hellman on RSA. Perhaps that is what Greg meant with his "no" answer? ________________________________________ From: kerberos-boun...@mit.edu <kerberos-boun...@mit.edu> on behalf of Rick van Rein <r...@openfortress.nl> Sent: Monday, April 3, 2017 8:36 AM To: k...@pallissard.net Cc: kerberos@mit.edu Subject: Re: elliptic curve pkinit? Hey, > Has MIT kerberos implemented pkinit with elliptic curve certs/keys? Some > initial searching points me to an informational ietf RFC posted out there, > but nothing official. FWIW, in the ARPA2 project we're working on Realm Crossover (based on DANE/DNSSEC) which uses ECDHE. The protocol is almost compatible with PKINIT, but not quite on account of a technicality (no tickets in the reply). The work leaves openings for client-to-KDC access, but doesn't fill them in. http://k5wiki.kerberos.org/wiki/Projects/Realm_Crossover_between_KDCs http://realm-xover.arpa2.net/kerberos.html A glimpse at upcoming software (and the earlier PoC) are on https://github.com/arpa2/kxover -Rick ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
