Skip to main content

8.1. Specification 2

Overview

This section provides detailed interoperability specifications that implementations MUST follow to ensure compatibility.

Mandatory Requirements

Encryption Support

Implementations MUST support specific encryption types for basic interoperability. See RFC 3961 and related specifications for:

Required encryption algorithms
Mandatory checksum types
Key derivation functions

Protocol Messages

All implementations MUST support:

AS exchange (authentication service)
TGS exchange (ticket-granting service)
AP exchange (application authentication)
Error messages

Message Processing

Must handle unknown fields gracefully
Must support mandatory message fields
Must validate message structures
Must implement proper error handling

Optional Features

Certain features are optional but recommended:

Renewable tickets
Proxiable tickets
Forwardable tickets
Pre-authentication methods beyond required set

Compatibility Considerations

RFC 1510 Compatibility

Handling of legacy implementations
Graceful degradation where possible
Known incompatibilities documented

Extension Handling

Unknown extensions should be preserved
Must not reject messages solely due to unknown extensions
Exception: Authorization data may require rejection

Implementation Guidelines

Test interoperability with other implementations
Follow encoding rules strictly (DER)
Implement all required features
Document optional feature support

Reference

For complete specification, refer to RFC 4120 Section 8.1.

Overview
Mandatory Requirements
Optional Features
Compatibility Considerations
- RFC 1510 Compatibility
- Extension Handling
Implementation Guidelines
Reference