1.3 Overview

The BITS Peer-Caching: Peer Authentication Protocol allows hosts in an Active Directory domain to exchange self-signed X.509 certificates with enough information to associate those certificates securely with a domain account.

Peer authentication is intended for use by hosts that implement the BITS Peer-Caching: Content Retrieval Protocol, as specified in [MS-BPCR].

Peer authentication uses the Kerberos security system for authentication, allowing each host to do the following:

  • Verify that the peer is allowed to participate in content retrieval.

  • Associate the received certificate with the peer's Kerberos identity in a trustworthy way.

This protocol is used as part of a distributed peer-to-peer cache of URL content for use by the Background Intelligent Transfer Service (BITS) component. (For more information on BITS, see [MSDN-BITS].) Peer authentication ensures that peer clients and servers are members of the same domain, or of domains that share a bidirectional trust.