near-term strategy for "disable DES" effort
tlyu at MIT.EDU
Fri Jan 30 21:31:53 EST 2009
Sam Hartman <hartmans at MIT.EDU> writes:
>>>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:
> Tom> * Implement the "allow_weak_crypto" libdefault setting. I
> Tom> was leaning in favor of "false" but recent discussion of the
> Tom> transition issues is calling that into question. Unless I
> Tom> hear strong objections, I will assert that defaulting to
> Tom> "false" is acceptable for the alpha release and am willing to
> Tom> reconsider prior to final release.
> I strongly object to this unless you meet Ken's documentation
> At a minimum, I think that
> * user guide
> * admin guide
> * README
> * kadmin man page
> need to be updated. And I agree with Ken this is true for the alpha.
> If you do this, I think it is reasonable to default to false.
> Otherwise, I do not.
For now I will default to "allow_weak_crypto=true", and we can
reevaluate prior to the final release. I have also updated the
project proposal page to include more detail.
More information about the krbdev