near-term strategy for "disable DES" effort

Tom Yu tlyu at MIT.EDU
Fri Jan 30 21:31:53 EST 2009

Sam Hartman <hartmans at MIT.EDU> writes:

>>>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:
>     Tom> * Implement the "allow_weak_crypto" libdefault setting.  I
>     Tom> was leaning in favor of "false" but recent discussion of the
>     Tom> transition issues is calling that into question.  Unless I
>     Tom> hear strong objections, I will assert that defaulting to
>     Tom> "false" is acceptable for the alpha release and am willing to
>     Tom> reconsider prior to final release.
> I strongly object to this unless you meet Ken's documentation
> constraints.
> At a minimum, I think that
> * user guide
> * admin guide
> * kadmin man page
> need to be updated.  And I agree with Ken this is true for the alpha.
> If you do this, I think it is reasonable to default to false.
> Otherwise, I do not.

For now I will default to "allow_weak_crypto=true", and we can
reevaluate prior to the final release.  I have also updated the
project proposal page to include more detail.

More information about the krbdev mailing list