IETF Logo Mail Archive

[Ietf-krb-wg] BCP 179, RFC 6649 on Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos

rfc-editor@rfc-editor.org Tue, 03 July 2012 04:11 UTC

Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Delivered-To: ietfarch-krb-wg-archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F011111E8116 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 2 Jul 2012 21:11:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.338
X-Spam-Level:
X-Spam-Status: No, score=-105.338 tagged_above=-999 required=5 tests=[AWL=1.261, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eq8HfJOJBqM4 for <ietfarch-krb-wg-archive@ietfa.amsl.com>; Mon, 2 Jul 2012 21:11:11 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by ietfa.amsl.com (Postfix) with ESMTP id 2651211E812C for <krb-wg-archive@lists.ietf.org>; Mon, 2 Jul 2012 21:11:11 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by localhost.anl.gov (Postfix) with ESMTP id 68A9074; Mon, 2 Jul 2012 23:11:17 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id CCD358A; Mon, 2 Jul 2012 23:11:11 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id C040354C002; Mon, 2 Jul 2012 23:11:11 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by lists.anl.gov (Postfix) with ESMTP id 9E8E154C001 for <ietf-krb-wg@lists.anl.gov>; Mon, 2 Jul 2012 23:11:10 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 833CC7CC0A9; Mon, 2 Jul 2012 23:11:10 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15902-05; Mon, 2 Jul 2012 23:11:10 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay.anl.gov (Postfix) with ESMTP id 673EC7CC0A4 for <ietf-krb-wg@lists.anl.gov>; Mon, 2 Jul 2012 23:11:10 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApUDABNw8k8MFjovgWdsb2JhbABFiSeccpBPIgEBFiYnghoCBAEBOxArLw0DFxYCGgUFLRIJCwcCBIdtCLsmizkZhSFgA4hKjGmBE5FwgT8
X-IronPort-AV: E=Sophos;i="4.77,514,1336366800"; d="scan'208";a="84029488"
Received: from rfc-editor.org ([12.22.58.47]) by mailgateway.anl.gov with ESMTP; 02 Jul 2012 23:11:10 -0500
Received: by rfc-editor.org (Postfix, from userid 30) id D7F0572F1C4; Mon, 2 Jul 2012 21:09:47 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Message-Id: <20120703040947.D7F0572F1C4@rfc-editor.org>
Date: Mon, 02 Jul 2012 21:09:47 -0700
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Cc: ietf-krb-wg@lists.anl.gov, rfc-editor@rfc-editor.org
Subject: [Ietf-krb-wg] BCP 179, RFC 6649 on Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/options/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
Sender: ietf-krb-wg-bounces@lists.anl.gov

A new Request for Comments is now available in online RFC libraries.

        BCP 179        
        RFC 6649

        Title:      Deprecate DES, RC4-HMAC-EXP, and Other 
                    Weak Cryptographic Algorithms in Kerberos 
        Author:     L. Hornquist Astrand, T. Yu
        Status:     Best Current Practice
        Stream:     IETF
        Date:       July 2012
        Mailbox:    lha@apple.com, 
                    tlyu@mit.edu
        Pages:      7
        Characters: 13498
        Obsoletes:  RFC1510
        Updates:    RFC1964, RFC4120, RFC4121, RFC4757
        See Also:   BCP0179

        I-D Tag:    draft-ietf-krb-wg-des-die-die-die-04.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6649.txt

The Kerberos 5 network authentication protocol, originally specified
in RFC 1510, can use the Data Encryption Standard (DES) for
encryption.  Almost 30 years after first publishing DES, the National
Institute of Standards and Technology (NIST) finally withdrew the
standard in 2005, reflecting a long-established consensus that DES is
insufficiently secure.  By 2008, commercial hardware costing less
than USD 15,000 could break DES keys in less than a day on average.
DES is long past its sell-by date.  Accordingly, this document
updates RFC 1964, RFC 4120, RFC 4121, and RFC 4757 to deprecate the
use of DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in
Kerberos.  Because RFC 1510 (obsoleted by RFC 4120) supports only
DES, this document recommends the reclassification of RFC 1510 as
Historic.  This memo documents an Internet Best Current Practice.

This document is a product of the Kerberos WG Working Group of the IETF.


BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for 
improvements. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC


_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg@lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg

v2.23.0 | Report a Bug | By Email