Re: [kitten] Fwd: New Version Notification for draft-kaduk-kitten-des-des-des-die-die-die-00.txt

Tom Yu <tlyu@mit.edu> Fri, 06 March 2015 20:49 UTC

From: Tom Yu <tlyu@mit.edu>
To: Chaskiel Grundman <cgrundman@gmail.com>
References: <alpine.GSO.1.10.1503061501270.3953@multics.mit.edu> <CA+-VZgAObByvmgOZ0ndH9kxB02X0_C3cz0on8ro+Ljpv4Xgmqg@mail.gmail.com>
Date: Fri, 06 Mar 2015 15:49:24 -0500
In-Reply-To: <CA+-VZgAObByvmgOZ0ndH9kxB02X0_C3cz0on8ro+Ljpv4Xgmqg@mail.gmail.com> (Chaskiel Grundman's message of "Fri, 6 Mar 2015 15:28:08 -0500")
Message-ID: <ldvmw3p6ecr.fsf@sarnath.mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/puakeOtNEYTqiP0XaHoo3N9HiXU>
Cc: kitten@ietf.org

Chaskiel Grundman <cgrundman@gmail.com> writes:

> I'm not going to object to the principle of deprecating DES3, but
> claiming that AES "quickly followed" DES3 is inaccurate. The first
> mention of DES3 in the mit krb5 commit history is
>
> Author: tytso <tytso@dc483132-0cff-0310-8789-dd5450dbe970>
> Date:   Thu Jan 11 03:29:50 1996 +0000
>
>     Fix return type for mit_des3_string_to_key().
>
>
>     git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7297
> dc483132-0cff-0310-8789-dd5450dbe970

I believe that krb5-1.2 (around 2000) was the first to have substantial
support for DES3.  krb5-1.1 (around 1999) only supported it for ticket
encryption, not session keys.  It might also have been a variant that
didn't do key derivation.

> It also appeared in the first heimdal release in 1999 (but GSSAPI did
> not interop with MIT until somewhere between late 0.3 and 0.6.)
>
> Some AES code appeared in MIT krb5 in 2003, but I don't know if it
> corresponds to what was standardized in rfc3962 in 2005. Heimdal did
> not release AES until 0.7 in 2005

Thanks for the historical information.  I think it's most important to
note that we believe that deployed code that supports DES3 but not
AES is rare, partly as a result of this history.  Please provide some
more details if there is evidence to the contrary.

-Tom