1.3.4 Secure Channel Maintenance

The security of a channel based on a shared secret depends on the secrecy of that shared value. Good cryptographic hygiene requires that such a shared value not be permanent. This protocol includes the facility to choose a new password and communicate it from the client to the DC. This allows client implementations of this protocol to set new passwords on machine accounts (if the request comes over a workstation secure channel) or on the trust accounts (if the request comes over a trusted domain secure channel).