near-term strategy for "disable DES" effort
hartmans at MIT.EDU
Fri Jan 30 15:03:59 EST 2009
>>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:
Tom> * Implement the "allow_weak_crypto" libdefault setting. I
Tom> was leaning in favor of "false" but recent discussion of the
Tom> transition issues is calling that into question. Unless I
Tom> hear strong objections, I will assert that defaulting to
Tom> "false" is acceptable for the alpha release and am willing to
Tom> reconsider prior to final release.
I strongly object to this unless you meet Ken's documentation
At a minimum, I think that
* user guide
* admin guide
* kadmin man page
need to be updated. And I agree with Ken this is true for the alpha.
If you do this, I think it is reasonable to default to false.
Otherwise, I do not.
More information about the krbdev