[krbdev.mit.edu #7554] Documentation__Encryption types
Zhanna Tsitkova via RT
rt-comment at krbdev.mit.edu
Wed Jan 30 14:51:26 EST 2013
The following are a few suggestions for this document in the order how
they appear in the text:
1. Consider moving the description of the key types into separate
section (Perhaps, under "Kerberos V5 concepts") so it could be
referenced from the other docs such as "Retiring DES", and further
developed if desired;
2. In "Session key selection" mention that the error (and what error)
will be issued if the intersection is empty;
3. In "Configuration variables" try to use x-reference to the
attributes in krb5.conf instead of rewording their description
here. (See how it is done in http://web.mit.edu/kerberos/krb5-current/doc/admin/lockout.html#configuring-account-lockout)
4. In "Enctype compatibility" mention that Camellia was disabled by
default in the releases 1.9-1.10;
5. Add a paragraph about the performance vs security trade-offs and
recommendations when setting permitted_enctypes and friends;
6. Mention this article in krb5.conf (Perhaps, in its SeeAlso section)
7. Instead of "krb5-1.11" use "release 1.11" as a commonly used
reference across MIT KC documentation.
More information about the krb5-bugs
mailing list