Flexible Key Agreement for Transport Layer Security (FKA-TLS)

This document defines extensions to RFC 4279 to enable dynamic key sharing in distributed environments. By using these extensions, the client and the server can use off-shelf libraries to exchange tokens and establish a shared secret, based on a Generic Security Service Application Program Interface (GSS-API) mechanism such as Kerberos as defined in RFC 4121, and then proceed according to RFC 4279 to complete the authentication and provide data protection.