RFC 6542 adopted by MIT krb5?
Wang Weijun
weijun.wang at oracle.com
Thu Oct 15 21:52:06 EDT 2015
> On Oct 16, 2015, at 2:00 AM, Greg Hudson <ghudson at mit.edu> wrote:
>
> On 10/15/2015 04:00 AM, Wang Weijun wrote:
>> We (Java team at Oracle) are going through weak algorithms in all our code and noticed our krb5 GSS-API mech is using MD5 in channel binding. I noticed RFC 6542 already updated it. Does MIT krb5 support it?
>
> To the best of my knowledge, we haven't implemented it yet.
Is there a plan?
The TLS guys in our team are talking about removing SHA-1 and I am asked what we can do on Kerberos. I said we only need for a little while because the SHA-2 related etypes are already in an IETF draft. And then I notice we are still using MD5. :-(
--Max
More information about the krbdev
mailing list