Review of http://k5wiki.kerberos.org/wiki/Projects/Disable_DES ending February 13, 2009
raeburn at MIT.EDU
Thu Jan 29 12:21:13 EST 2009
On Jan 28, 2009, at 21:16, Tom Yu wrote:
> Please review the project

I don't think "in the future, in a separate project, [we will make X
set of changes]" should be a part of this project proposal. Maybe you
can mention in general terms what you anticipate will be done, but if
you write what *will* be done, either you're proposing those changes
for review now (and implementation later) and should provide a
commensurate level of detail, or you're asserting that they'll be
done, without review. In this case, I don't think we should be
getting into details of "permitted_enctypes" config option processing
now. You even say it's a separate project; if you want to review the
details now, write it up as a separate project.

The project policy page lists a bunch of things that should be in a
complete project proposal. Several of them are missing here, and only
some of those appear not to be applicable.

There's no discussion of the impact on existing deployments when
updating clients, servers, or KDCs, or what will or won't work if you
don't set allow_weak_crypto=yes. It will need to be well documented,
both in our regular documentation (man pages, install and admin
guides) and prominently in the release notes.

It might even be worthwhile to change certain programs to check for
DES keys (or, generally, keys of unsupported encryption types, but
that would lead to vaguer messages) and warn if they're found.
"You're using a DES key and DES is disabled unless you set
allow_weak_crypto=yes in your config files" would be more useful than
"no matching key found" or whatever.
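
The check suggested in the last paragraph of the message, as an added example that is not part of the original e-mail or of the krb5 code base: it walks a keytab file and names each single-DES key rather than failing with a generic error. It assumes the version 0x0502 keytab layout and treats enctypes 1, 2 and 3 as single DES; the function names and the sample keytab are constructed for illustration.

```python
import struct
DES_ENCTYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5"}  # single DES

def _counted(buf, off):  # 16-bit length-prefixed string -> (text, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    if off + 2 + n > len(buf):
        raise ValueError("truncated counted string")
    return buf[off + 2:off + 2 + n].decode("utf-8", "replace"), off + 2 + n

def parse_keytab(data):
    """Yield (principal, kvno, enctype) for each live entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    off = 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off, end = off + 4, off + 4 + abs(size)
        if end > len(data):
            raise ValueError("truncated entry")
        if size > 0:  # a negative size marks a deleted slot to skip
            e = data[off:end]
            (ncomp,), p, names = struct.unpack_from(">H", e, 0), 2, []
            for _ in range(ncomp + 1):  # realm first, then the name components
                s, p = _counted(e, p)
                names.append(s)
            # name type, timestamp, 8-bit kvno, enctype, key length
            _nt, _ts, kvno, etype, klen = struct.unpack_from(">IIBHH", e, p)
            p += 13 + klen
            if len(e) - p >= 4:  # optional 32-bit kvno after the key bytes
                kvno = struct.unpack_from(">I", e, p)[0] or kvno
            yield "/".join(names[1:]) + "@" + names[0], kvno, etype
        off = end

def des_warnings(data):
    """Return one specific warning per single-DES key in the keytab."""
    return [f"{princ} (kvno {kvno}) has a {DES_ENCTYPES[etype]} key; DES is "
            "disabled unless you set allow_weak_crypto=yes in your config files"
            for princ, kvno, etype in parse_keytab(data) if etype in DES_ENCTYPES]

def sample_entry(comps, realm, kvno, etype, key):  # builds constructed sample data
    s = lambda t: struct.pack(">H", len(t)) + t.encode()
    body = (struct.pack(">H", len(comps)) + s(realm) + b"".join(map(s, comps))
            + struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key)
    return struct.pack(">i", len(body)) + body

# Constructed sample: a des-cbc-md5 key and an enctype-18 key, dummy key bytes.
SAMPLE = (b"\x05\x02"
          + sample_entry(["host", "a.example.com"], "EXAMPLE.COM", 2, 3, b"\0" * 8)
          + sample_entry(["host", "a.example.com"], "EXAMPLE.COM", 3, 18, b"\0" * 32))
```

Calling `des_warnings(SAMPLE)` returns one message, for the kvno 2 key; the enctype 18 entry is not reported.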