IETF Logo Mail Archive

Re: [kitten] Fwd: New Version Notification for draft-kaduk-kitten-des-des-des-die-die-die-00.txt

Jeffrey Altman <jaltman@secure-endpoints.com> Tue, 10 March 2015 23:07 UTC

Return-Path: <prvs=1511d32960=jaltman@secure-endpoints.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31C8F1A90AF for <kitten@ietfa.amsl.com>; Tue, 10 Mar 2015 16:07:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Level:
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aVRj2Y8k_LVE for <kitten@ietfa.amsl.com>; Tue, 10 Mar 2015 16:07:21 -0700 (PDT)
Received: from sequoia-grove.secure-endpoints.com (sequoia-grove.ad.secure-endpoints.com [208.125.0.235]) (using TLSv1.2 with cipher AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 262F51A90AD for <kitten@ietf.org>; Tue, 10 Mar 2015 16:07:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=secure-endpoints.com; s=MDaemon; t=1426028819; x=1426633619; q=dns/txt; h=VBR-Info:Message-ID:Date:From:Organization: User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To: OpenPGP:Content-Type; bh=U/DDKjyBhluj1FXbLiKOl6F7AXjtws4sxlraQqQ 6UsA=; b=ixE7GAraOhOiT/Dn/33RlFRquEp+0t7qodaEygoOnLsKGxLoBooRJtL vnitn/tzTJEG9Z3x18gokHEhcGzi0C5ft/k9ceNfRFBi2VNBTRvKuHojjlEVRURr mO4hRlYauujgz5kSFt4Zq2SD1fQjjUvxZ+sMoXCXqou1uWoLgSZ8=
X-MDAV-Result: clean
X-MDAV-Processed: sequoia-grove.secure-endpoints.com, Tue, 10 Mar 2015 19:06:59 -0400
X-Spam-Processed: sequoia-grove.secure-endpoints.com, Tue, 10 Mar 2015 19:06:58 -0400
Received: from [x.x.x.x] by secure-endpoints.com (Cipher TLSv1.2:AES-SHA:128) (MDaemon PRO v15.0.0rc4) with ESMTPSA id md50000837163.msg for <kitten@ietf.org>; Tue, 10 Mar 2015 19:06:57 -0400
VBR-Info: md=secure-endpoints.com; mc=all; mv=vbr.emailcertification.org;
X-MDArrival-Date: Tue, 10 Mar 2015 19:06:57 -0400
X-Authenticated-Sender: jaltman@secure-endpoints.com
X-Return-Path: prvs=1511d32960=jaltman@secure-endpoints.com
X-Envelope-From: jaltman@secure-endpoints.com
X-MDaemon-Deliver-To: kitten@ietf.org
Message-ID: <54FF790B.5070300@secure-endpoints.com>
Date: Tue, 10 Mar 2015 19:06:51 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Organization: Secure Endpoints Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Tom Yu <tlyu@mit.edu>, Chaskiel Grundman <cgrundman@gmail.com>
References: <alpine.GSO.1.10.1503061501270.3953@multics.mit.edu> <CA+-VZgAObByvmgOZ0ndH9kxB02X0_C3cz0on8ro+Ljpv4Xgmqg@mail.gmail.com> <ldvmw3p6ecr.fsf@sarnath.mit.edu>
In-Reply-To: <ldvmw3p6ecr.fsf@sarnath.mit.edu>
OpenPGP: id=92B69A04; url=http://pgp.mit.edu
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms040108010002080500010300"
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/yXmprUVufknpBkNlPuHrAtXeZoo>
Cc: kitten@ietf.org
Subject: Re: [kitten] Fwd: New Version Notification for draft-kaduk-kitten-des-des-des-die-die-die-00.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2015 23:07:23 -0000

On 3/6/2015 3:49 PM, Tom Yu wrote:
> Chaskiel Grundman <cgrundman@gmail.com> writes:
> 
>> I'm not going to object to the principle of deprecating DES3, but
>> claiming that AES "quickly followed" DES3 is inaccurate. The first
>> mention of DES3 in the mit krb5 commit history is
>>
>> Author: tytso <tytso@dc483132-0cff-0310-8789-dd5450dbe970>
>> Date:   Thu Jan 11 03:29:50 1996 +0000
>>
>>     Fix return type for mit_des3_string_to_key().
>>
>>
>>     git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7297
>> dc483132-0cff-0310-8789-dd5450dbe970
> 
> I believe that krb5-1.2 (around 2000) was the first to have substantial
> support for DES3.  krb5-1.1 (around 1999) only supported it for ticket
> encryption, not session keys.  It might also have been a variant that
> didn't do key derivation.

DES3 support was a point of issue with Microsoft in late 1998/1999 when
the Common Solutions Group was invited to Redmond for meetings regarding
the feature set for Windows 2000.

DES3 support was standardized in Telnet in RFCs 2947 and 2948 based upon
the prior existence of DES3 support in Kerberos 5.  The RFCs were
published in September 2000 and the work on them began more than a year
before that which means that DES3 was deployed at Columbia in mid-1999.

Rijndael was announced as the AES algorithm in October 2000. The first
AES support was added to MIT krb5 by

commit e697a50c77314b0294b3a94329fb82e0c8692e56
Author: Ken Raeburn <raeburn@mit.edu>
Date:   Mon Feb 3 21:10:25 2003 +0000

    AES implementation by Briad Gladman; tweaked for krb5 tree

    git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15141
dc483132-0cff-0310-8789-dd5450dbe970

and was released as part of MIT krb5 1.3.

Jeffrey Altman

v2.23.0 | Report a Bug | By Email