Interoperability with Microsoft KDC using AES
Marcus Watts
mdw at spam.ifs.umich.edu
Wed May 30 00:59:42 EDT 2007
writes Todd Stecher <tstecher at qwest.net>
> If this didn't happen, someone at MS is asleep at the wheel (right
> larry / JK?). In truth, when I left, AES interop was one of the top
> priorities of the Windows team, and they've been contributing heavily
> to the AES standard.
>
> (In fact, support for an AES Kerberos client may already be in Vista.)
Really? Ok, yes, I understand Vista has AES. But--last I heard,
MicroSoft has no plans to provide for AES in Windows XP or anything older
than Vista. That's a shame. The largest constraint against moving to
AES and retiring DES is lagging clients, and expecting people to retire
XP machines wholesale is unrealistic. So far as I can tell, every other
major vendor either already supports AES, or has some sort of relatively
simple upgrade path that provides for AES on existing hardware with
minimal side-effects.
-Marcus Watts
More information about the krbdev
mailing list