[Ietf-krb-wg] Last Call: <draft-ietf-krb-wg-des-die-die-die-04.txt> (Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos) to Best Current Practice
The IESG <iesg-secretary@ietf.org> Sun, 25 March 2012 12:24 UTC
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EDAD21F849A for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Sun, 25 Mar 2012 05:24:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.322
X-Spam-Level:
X-Spam-Status: No, score=-104.322 tagged_above=-999 required=5 tests=[AWL=2.277, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rj2jHdgFDiIQ for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Sun, 25 Mar 2012 05:24:28 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id C550121F84AE for <krb-wg-archive@lists.ietf.org>; Sun, 25 Mar 2012 05:24:28 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 3673880; Sun, 25 Mar 2012 07:24:28 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id AEA387D; Sun, 25 Mar 2012 07:24:23 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 612B8427C; Sun, 25 Mar 2012 07:24:23 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id D3C7F3442EF for <ietf-krb-wg@lists.anl.gov>; Sun, 25 Mar 2012 07:24:22 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id B14DF7CC0DA; Sun, 25 Mar 2012 07:24:22 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 24994-04; Sun, 25 Mar 2012 07:24:22 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 90C847CC0D2 for <ietf-krb-wg@lists.anl.gov>; Sun, 25 Mar 2012 07:24:22 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ao0BAJINb08MFjoemWdsb2JhbABEuCMiAQEBAQEICwsbJ4JKNAtRBSonFw4FiA0IuAyRKASIV4RRiDcBgRGOPoNl
X-IronPort-AV: E=Sophos;i="4.75,315,1330927200"; d="scan'208";a="77400017"
Received: from mail.ietf.org ([12.22.58.30]) by mailgateway.anl.gov with ESMTP; 25 Mar 2012 07:24:21 -0500
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FE1C21F84AA for <ietf-krb-wg@lists.anl.gov>; Sun, 25 Mar 2012 05:24:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A249rJMRQQQw; Sun, 25 Mar 2012 05:24:20 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F76821F849A; Sun, 25 Mar 2012 05:24:20 -0700 (PDT)
MIME-Version: 1.0
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 4.00
Message-ID: <20120325122420.28510.3967.idtracker@ietfa.amsl.com>
Date: Sun, 25 Mar 2012 05:24:20 -0700
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: ietf-krb-wg@lists.anl.gov
Subject: [Ietf-krb-wg] Last Call: <draft-ietf-krb-wg-des-die-die-die-04.txt> (Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos) to Best Current Practice
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: ietf@ietf.org
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov
This is a repeat last call, just to include the downref (omitted by a careless AD:-) The IESG has received a request from the Kerberos WG (krb-wg) to consider the following document: - 'Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos' <draft-ietf-krb-wg-des-die-die-die-04.txt> as a Best Current Practice The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2012-04-08. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The Kerberos 5 network authentication protocol, originally specified in RFC1510, can use the Data Encryption Standard (DES) for encryption. Almost 30 years after first publishing DES, the National Institute of Standards and Technology (NIST) finally withdrew the standard in 2005, reflecting a long-established consensus that DES is insufficiently secure. By 2008, commercial hardware costing less than USD 15,000 could break DES keys in less than a day on average. DES is long past its sell-by date. Accordingly, this document updates RFC1964, RFC4120, RFC4121, and RFC4757 to deprecate the use of DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos. Because RFC1510 (obsoleted by RFC4120) supports only DES, this document reclassifies RFC1510 as Historic. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-krb-wg-des-die-die-die/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-krb-wg-des-die-die-die/ballot/ No IPR declarations have been submitted directly on this I-D. There is a downward reference to RFC 4757 in order to deprecate an algorithm specified in that RFC; this downward reference is appropriate because reclassifying RFC 4757 as standards track is not desired. _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg