[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Search IETF archive

Protocol Action: 'Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos' to Best Current Practice (draft-ietf-krb-wg-des-die-die-die-04.txt)



The IESG has approved the following document:
- 'Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms
   in Kerberos'
  (draft-ietf-krb-wg-des-die-die-die-04.txt) as a Best Current Practice

This document is the product of the Kerberos Working Group.

The IESG contact persons are Stephen Farrell and Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-krb-wg-des-die-die-die/




The IESG have approved the designation of RFC 1510 as an Historic
RFC as requested by this document.

Technical Summary

  A long long time ago Data Encryption Standard (DES) was
  standardized. Some 30 years later (2005) IT was withdrawn as a
  standard by National Institute of Standards and Technology (NIST),
  today 7 years later, its time for DES to finally die. By 2008 it
  was possible to brute force DES keys in 6.4 days using less than
  USD 10k worth of hardware. So by 2008 DES had passed its sell-by
  date. This document updates RFC1964, RFC4120, RFC4121 and RFC 4757
  to deprecate the use of DES in Kerberos. Because the version of  
  Kerberos specified in RFC1510 only supports DES and has been
  replaced by RFC4120, RFC1510 is reclassified as historic. There is
  a downward reference to RFC 4757 in order to deprecate an algorithm
  specified in that RFC; this downward reference is appropriate 
  because reclassifying RFC 4757 as standards track is not desired.

Working Group Summary

  This document represents the consensus of the Kerberos Working Group.


Document Quality

  At least three major Kerberos implementations have already either
  implemented the recommendations of this document by removing DES
  support entirely, or changed their default configuration such that
  DES and related algorithms deprecated by this document must be 
  explicitly enabled by an administrator before they can be used.

Personnel

  The Document Shepherd for this document is Sam Hartman; Jeffrey Hutzelman acted
  as shepherd for much of the life of this document.
  The responsible Area Director is Stephen Farrell. 

RFC Editor Notes

(1)  Abstract

OLD
   this document reclassifies RFC1510 as Historic.
NEW
   this document recommends the reclassification of RFC1510 as Historic.

(2)  Section 2

OLD

   Accordingly, this document reclassifies [RFC1510]
   (obsoleted by [RFC4120]) as Historic

NEW
   Accordingly, this document recommends the reclassification of
   [RFC1510] (obsoleted by [RFC4120]) as Historic

(3) Section 5

OLD
   This document hereby reclassifies [RFC1510] as Historic.

NEW
   This document recommends the reclassification of [RFC1510] as
   Historic.

(4) Change from Updates 1510 to Obsoletes 1510 in the header

Please change the header to say that this does not update 1510 (remove
1510 from the list of updated RFCs) and add that this document obsoletes
1510 (if approved) to the header.





[IETF]     [IETF Discussion]     [Linux Kernel]