Camellia-CCM and defaults
ghudson@MIT.EDU
ghudson at MIT.EDU
Wed Aug 4 12:47:46 EDT 2010
We're hopefully close to being able to merge the camellia256-ccm and
camellia128-ccm enctype implementations to the trunk; the code is
ready, although I'd ideally like to get IANA assignments first.
Two questions:
1. Should we add these enctypes to the default etypes list used for
the default values of default_tgs_enctypes, default_tkt_enctypes,
and permitted_enctypes?
This would make it easier to deploy Camellia from the KDC when the
configurations of clients are not tightly controlled. It would,
obviously, expose clients to a bit of additional risk.
2. Should we add these enctypes to the default value of
supported_enctypes? (This is the default key:salt list used when
creating new principals or changing passwords.)
This would make it easier to switch a realm from using AES to
Camellia if, say, AES or SHA-1 were suddenly found to be weak,
since principal entries created after a 1.9 deployment will already
have Camellia keys.
Adding more enctypes here increases the database size and exposes
realms to additional risk if Camellia turns out to be weak.
If I receive no feedback, I will go with yes and yes, following the
precedent of the RC4 enctypes.
More information about the krbdev
mailing list