near-term strategy for "disable DES" effort

Sam Hartman hartmans at MIT.EDU
Fri Jan 30 15:03:59 EST 2009

>>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:

    Tom> * Implement the "allow_weak_crypto" libdefault setting.  I
    Tom> was leaning in favor of "false" but recent discussion of the
    Tom> transition issues is calling that into question.  Unless I
    Tom> hear strong objections, I will assert that defaulting to
    Tom> "false" is acceptable for the alpha release and am willing to
    Tom> reconsider prior to final release.

I strongly object to this unless you meet Ken's documentation

At a minimum, I think that
* user guide
* admin guide
* kadmin man page

need to be updated.  And I agree with Ken this is true for the alpha.

If you do this, I think it is reasonable to default to false.
Otherwise, I do not.


More information about the krbdev mailing list