RFC 6542 adopted by MIT krb5?
Benjamin Kaduk
kaduk at MIT.EDU
Thu Oct 15 22:22:45 EDT 2015
On Thu, 15 Oct 2015, Wang Weijun wrote:
>
> The TLS guys in our team are talking about removing SHA-1 and I am asked
> what we can do on Kerberos. I said we only need for a little while
> because the SHA-2 related etypes are already in an IETF draft. And then
> I notice we are still using MD5. :-(
It will be more than "a little while" before the SHA-2 enctypes are widely
deployed, I fear. Of course, the SHA-1 ones use HMAC-SHA1, but it is
harder to convince people that HMAC is different than to have an
alternative deployed.
-Ben
More information about the krbdev
mailing list