[Ietf-krb-wg] Protocol Action: 'Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos' to Best Current Practice (draft-ietf-krb-wg-des-die-die-die-04.txt)

The IESG <iesg-secretary@ietf.org> Mon, 30 April 2012 18:27 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: krb-wg mailing list <ietf-krb-wg@lists.anl.gov>, krb-wg chair <krb-wg-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:
- 'Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms
   in Kerberos'
  (draft-ietf-krb-wg-des-die-die-die-04.txt) as a Best Current Practice

This document is the product of the Kerberos Working Group.

The IESG contact persons are Stephen Farrell and Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-krb-wg-des-die-die-die/

The IESG have approved the designation of RFC 1510 as an Historic
RFC as requested by this document.

Technical Summary

  A long long time ago the Data Encryption Standard (DES) was
  standardized. Some 30 years later (2005) it was withdrawn as a
  standard by the National Institute of Standards and Technology (NIST).
  Today, 7 years later, it's time for DES to finally die. By 2008 it
  was possible to brute force DES keys in 6.4 days using less than
  USD 10k worth of hardware. So by 2008 DES had passed its sell-by
  date. This document updates RFC1964, RFC4120, RFC4121 and RFC 4757
  to deprecate the use of DES in Kerberos. Because the version of
  Kerberos specified in RFC1510 only supports DES and has been
  replaced by RFC4120, RFC1510 is reclassified as historic. There is
  a downward reference to RFC 4757 in order to deprecate an algorithm
  specified in that RFC; this downward reference is appropriate
  because reclassifying RFC 4757 as standards track is not desired.

Working Group Summary

  This document represents the consensus of the Kerberos Working Group.


Document Quality

  At least three major Kerberos implementations have already either
  implemented the recommendations of this document by removing DES
  support entirely, or changed their default configuration such that
  DES and related algorithms deprecated by this document must be 
  explicitly enabled by an administrator before they can be used.

Personnel

  The Document Shepherd for this document is Sam Hartman; Jeffrey Hutzelman acted
  as shepherd for much of the life of this document.
  The responsible Area Director is Stephen Farrell. 

RFC Editor Notes

(1)  Abstract

OLD
   this document reclassifies RFC1510 as Historic.
NEW
   this document recommends the reclassification of RFC1510 as Historic.

(2)  Section 2

OLD

   Accordingly, this document reclassifies [RFC1510]
   (obsoleted by [RFC4120]) as Historic

NEW
   Accordingly, this document recommends the reclassification of
   [RFC1510] (obsoleted by [RFC4120]) as Historic

(3) Section 5

OLD
   This document hereby reclassifies [RFC1510] as Historic.

NEW
   This document recommends the reclassification of [RFC1510] as
   Historic.

(4) Change from Updates 1510 to Obsoletes 1510 in the header

Please change the header to say that this does not update 1510 (remove
1510 from the list of updated RFCs) and add that this document obsoletes
1510 (if approved) to the header.


