Progress on Kerberos since RFC 1510


News: Microsoft NT5.0 will include Kerberos and PACs!!

Public Key Cryptography for Initial Authentication in Kerberos

This document defines extensions (PKINIT) to the Kerberos protocol specification (RFC 1510 [1]) to provide a method for using public key cryptography during initial authentication. The methods defined specify the ways in which preauthentication data fields and error data fields in Kerberos messages are to be used to transport public key data.

PKINIT utilizes Diffie-Hellman keys in combination with digital signature keys as the primary, required mechanism. It also allows for the use of RSA keys. Note that PKINIT supports the use of separate signature and encryption keys.

author: Clifford Neuman, John Wray, Brian Tung, J. Trostle, M. Hur, A. Medvinsky, Sasha Medvinsky

date:   05/17/1999

id:     draft-ietf-cat-kerberos-pk-init-08.txt

My short Summary



Public Key Cryptography for Cross-Realm Authentication in Kerberos

This document defines extensions to the Kerberos protocol specification (RFC 1510, 'The Kerberos Network Authentication Service (V5)', September 1993) to provide a method for using public key cryptography during cross-realm authentication. The methods defined here specify the way in which message exchanges are to be used to transport cross-realm secret keys protected by encryption under public keys certified as belonging to KDCs.

author: G. Tsudik, Clifford Neuman, B. Sommerfeld, Brian Tung, M. Hur, T. Ryutov, A. Medvinsky

date:   11/13/1998

id:     draft-ietf-cat-kerberos-pk-cross-05.txt


http://gost.isi.edu/info/kerberos/

Oscar is DSTC's PKI prototype. It consists of a C++ library and a number of command line tools for setting up Certification Authorities and utilising PKI technology.

JCSI is DSTC's Java Security Provider. It supports the JCA/JCE and supports a number of PKI features.

PKAF is the Australian Standards working group to establish a Public Key Authentication Framework. DSTC has been involved at the committee level as well as contributing to a number of draft standards.

DSTC's Single-Sign-On environment is incorporating PKI work through the use of PKINIT for initial authentication to obtain a Kerberos credential.
 

The PKI page
http://www.pki-page.org/