Review of http://k5wiki.kerberos.org/wiki/Projects/Disable_DES ending February 13, 2009
Sam Hartman
hartmans at MIT.EDU
Thu Jan 29 10:17:48 EST 2009
Tom, I have a couple of concerns here.
First, I don't understand what the use case is or functional
requirements are.
I mean we all know that we'd like to stop using DES. However I'd like
to understand the drivers for this to understand what the right
functionality is?
The main questions I have that would be answered by functional
requirements surround what the security/interoperability tradeoff is.
For example, much of the value of disabling DES could be accomplished
by disabling DES at the KDC. If the KDC does not issue tickets keyed
with DES or using DES as a session key, then for the most part clients
and servers will not use DES. ((Clients may still try to use DES for
string2key).
Also, the current project write up does not describe how the
krb5_c_weak_enctype will be used. If we're planning on moving to
something like permitted_enctypes = default - des then shouldn't that
be krb5int_c_weak_enctype instead?
I suspect I'll have additional questions once these are answered.
More information about the krbdev
mailing list