>Its good to know the reason why MIT Kerberos cannot handle EC >certificates right now.
I think it's important to be specific here; the issue is specifically a PKCS#11 token; Greg has already said that a software ECC certificate & key work fine. >So is there a way to submit a feature request for ECDSA support in MIT >Kerberos ? I have no inner view to the priorities of the MIT development team, so I can't answer that. I can say I personally have had success by submitting pull requests to their github page, which I suppose is a roundabout way of saying that the best way to make this happen is to do it yourself. I imagine at some time we will be transitioning to ECDSA certificates so if no one has implemented support by then I will probably do it. However, it sounds like you need this more urgently than I so I would not suggest waiting for me. --Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos