Subject: Checksum type 14 undefined

If the Windows 2003 KDC returns a pkinit reply with a checksum rather than the insecure nonce, it uses checksum type 14. This type is defined in RFC3961, but not in the current code. I'm assuming that Vista/Longhorn will also use this checksum type.

If we hack the pkinit code to use checksum type 9 when we get back 14, it works. I do not know if a simple alias of type 9 is the correct answer.