The IESG has approved the following document: - 'Deprecate 3DES and RC4 in Kerberos' (draft-ietf-curdle-des-des-des-die-die-die-05.txt) as Best Current Practice This document is the product of the CURves, Deprecating and a Little more Encryption Working Group. The IESG contact persons are Benjamin Kaduk and Eric Rescorla. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-curdle-des-des-des-die-die-die/ Technical Summary The 3DES and RC4 encryption types are steadily weakening in cryptographic strength, and the deprecation process should be begun for their use in Kerberos. Accordingly, RFC 4757 is moved to Obsolete status, as none of the encryption types it specifies should be used, and RFC 3961 is updated to note the deprecation of the triple-DES encryption types. Working Group Summary No controversy. Document Quality This does not apply here. My understanding is implementations are likely to implement the draft, especially with the "SHOULD NOT" recommendation. Both co-authors expect to start the deprecation process which is slow to achieve as there is now a long deployment history. A deprecation will not remove the actual software implementation right away, but progressively disable it. Personnel Daniel Migault is the shepherd, Eric Rescorla is the AD
