Review of http://k5wiki.kerberos.org/wiki/Projects/Disable_DES ending February 13, 2009

[Ken Raeburn]

On Jan 28, 2009, at 21:16, Tom Yu wrote:
> Please review the project
>    http://k5wiki.kerberos.org/wiki/Projects/Disable_DES


I don't think "in the future, in a separate project, [we will make X  
set of changes]" should be a part of this project proposal.  Maybe you  
can mention in general terms what you anticipate will be done, but if  
you write what *will* be done, either you're proposing those changes  
for review now (and implementation later) and should provide a  
commensurate level of detail, or you're asserting that they'll be  
done, without review.  In this case, I don't think we should be  
getting into details of "permitted_enctypes" config option processing  
now.  You even say it's a separate project; if you want to review the  
details now, write it up as a separate project.

The project policy page lists a bunch of things that should be in a  
complete project proposal.  Several of them are missing here, and only  
some of those appear not to be applicable.

There's no discussion of the impact on existing deployments when  
updating clients, servers, or KDCs, or what will or won't work if you  
don't set allow_weak_crypto=yes.  It will need to be well documented,  
both in our regular documentation (man pages, install and admin  
guides) and prominently in the release notes.

It might even be worthwhile to change certain programs to check for  
DES keys (or, generally, keys of unsupported encryption types, but  
that would lead to vaguer messages) and warn if they're found.   
"You're using a DES key and DES is disabled unless you set  
allow_weak_crypto=yes in your config files" would be more useful than  
"no matching key found" or whatever.

Ken