Review of http://k5wiki.kerberos.org/wiki/Projects/Disable_DES ending February 13, 2009
Nicolas.Williams at sun.com
Fri Jan 30 19:15:53 EST 2009
On Fri, Jan 30, 2009 at 03:32:19PM -0800, Russ Allbery wrote:
> Jeffrey Hutzelman <jhutz at cmu.edu> writes:
> > That means, among other things, the ability to generate and store new
> > service keys without taking them into use, the ability to begin issuing
> > service tickets with a new key while still handling AS requests using
> > the old client kvno (or vice versa), and a key management protocol and
> > clients that support these operations.
> I cannot emphasize enough how much I agree with this paragraph. All
> transition plans are rife with race conditions and deployment problems
> today without those capabilities.
Will Fiveash just committed the infrastructure needed for this to the
trunk as part of the master key migration project. Kudos Will!
More information about the krbdev