Interoperability with Microsoft KDC using AES

Marcus Watts mdw at
Wed May 30 00:59:42 EDT 2007

writes Todd Stecher <tstecher at>
> If this didn't happen, someone at MS is asleep at the wheel (right  
> larry / JK?).  In truth, when I left, AES interop was one of the top  
> priorities of the Windows team, and they've been contributing heavily  
> to the AES standard.
> (In fact, support for an AES Kerberos client may already be in Vista.)

Really?  Ok, yes, I understand Vista has AES.  But--last I heard,
MicroSoft has no plans to provide for AES in Windows XP or anything older
than Vista.  That's a shame.  The largest constraint against moving to
AES and retiring DES is lagging clients, and expecting people to retire
XP machines wholesale is unrealistic.  So far as I can tell, every other
major vendor either already supports AES, or has some sort of relatively
simple upgrade path that provides for AES on existing hardware with
minimal side-effects.

				-Marcus Watts

More information about the krbdev mailing list