near-term strategy for "disable DES" effort

Nicolas Williams Nicolas.Williams at
Fri Jan 30 15:44:42 EST 2009

On Fri, Jan 30, 2009 at 03:03:59PM -0500, Sam Hartman wrote:
> >>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:
>     Tom> * Implement the "allow_weak_crypto" libdefault setting.  I
>     Tom> was leaning in favor of "false" but recent discussion of the
>     Tom> transition issues is calling that into question.  Unless I
>     Tom> hear strong objections, I will assert that defaulting to
>     Tom> "false" is acceptable for the alpha release and am willing to
>     Tom> reconsider prior to final release.
> I strongly object to this unless you meet Ken's documentation
> constraints.

I also object unless the default is a build-time option.  We would like
to eventually get to where we do code drops from MIT, but we might need
to make changes that can be seen as incompatible at potentially
different times than MIT.


More information about the krbdev mailing list