The IESG has received a request from the CURves, Deprecating and a Little more Encryption WG (curdle) to consider the following document: - 'Deprecate 3DES and RC4 in Kerberos' <draft-ietf-curdle-des-des-des-die-die-die-05.txt> as Best Current Practice The Last Call for the document draft-ietf-curdle-des-des-des-die-die-die is related to the status change document, also in Last Call, for status-change-kerberos-3des-rc4-to-historic. The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2018-04-24. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The 3DES and RC4 encryption types are steadily weakening in cryptographic strength, and the deprecation process should be begun for their use in Kerberos. Accordingly, RFC 4757 is moved to Historic status, as none of the encryption types it specifies should be used, and RFC 3961 is updated to note the deprecation of the triple-DES encryption types. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-curdle-des-des-des-die-die-die/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-curdle-des-des-des-die-die-die/ballot/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc3961: Encryption and Checksum Specifications for Kerberos 5 (Proposed Standard - IETF stream) rfc4120: The Kerberos Network Authentication Service (V5) (Proposed Standard - IETF stream)
