Last Call: <draft-ietf-krb-wg-des-die-die-die-04.txt> (Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos) to Best Current Practice
The IESG <iesg-secretary@ietf.org> Sun, 25 March 2012 12:24 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1306121F84A7 for <ietf-announce@ietfa.amsl.com>; Sun, 25 Mar 2012 05:24:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.49
X-Spam-Level:
X-Spam-Status: No, score=-101.49 tagged_above=-999 required=5 tests=[AWL=1.110, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A249rJMRQQQw; Sun, 25 Mar 2012 05:24:20 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F76821F849A; Sun, 25 Mar 2012 05:24:20 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Last Call: <draft-ietf-krb-wg-des-die-die-die-04.txt> (Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos) to Best Current Practice
X-Test-IDTracker: no
X-IETF-IDTracker: 4.00
Message-ID: <20120325122420.28510.3967.idtracker@ietfa.amsl.com>
Date: Sun, 25 Mar 2012 05:24:20 -0700
Cc: ietf-krb-wg@lists.anl.gov
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Mar 2012 12:24:21 -0000
This is a repeat last call, just to include the downref (omitted by a careless AD:-) The IESG has received a request from the Kerberos WG (krb-wg) to consider the following document: - 'Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos' <draft-ietf-krb-wg-des-die-die-die-04.txt> as a Best Current Practice The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2012-04-08. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The Kerberos 5 network authentication protocol, originally specified in RFC1510, can use the Data Encryption Standard (DES) for encryption. Almost 30 years after first publishing DES, the National Institute of Standards and Technology (NIST) finally withdrew the standard in 2005, reflecting a long-established consensus that DES is insufficiently secure. By 2008, commercial hardware costing less than USD 15,000 could break DES keys in less than a day on average. DES is long past its sell-by date. Accordingly, this document updates RFC1964, RFC4120, RFC4121, and RFC4757 to deprecate the use of DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos. Because RFC1510 (obsoleted by RFC4120) supports only DES, this document reclassifies RFC1510 as Historic. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-krb-wg-des-die-die-die/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-krb-wg-des-die-die-die/ballot/ No IPR declarations have been submitted directly on this I-D. There is a downward reference to RFC 4757 in order to deprecate an algorithm specified in that RFC; this downward reference is appropriate because reclassifying RFC 4757 as standards track is not desired.