A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Move DES to Historic Status for Kerberos
Author(s) : L. Astrand
Filename : draft-lha-des-die-die-die-00.txt
Pages : 9
Date : 2009-07-31
A long long time ago DES was standardized. Some 30 years later
(2003) it was withdrawn as a standard by NIST; today, 6 years later,
it's time for DES to finally die. By 2008 it was possible to brute
force DES keys in 6.4 days using less than USD 10k worth of hardware.
So by 2008 DES had passed its sell-by date. Use in Kerberos should
therefore stop.

1. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

2. Background
Kerberos 5 was defined in [RFC1510] and updated in [RFC4120]; the
Kerberos crypto system is defined by [RFC3961] and includes support
for DES encryption types. This document moves all of the DES
encryption types to historic.
DES was withdrawn in [DES-Transition-Plan] by NIST.

3. Recommendations
Kerberos implementations and deployments SHOULD NOT use the single DES
encryption types: DES-CBC-MD5, DES-CBC-MD4, DES-CBC-CRC.
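One way a deployment could check itself against this recommendation, as an added example that is not part of the Internet-Draft or the announcement: a small audit of an MIT-style krb5.conf for the three single-DES encryption types named above. The function name, the sample configuration and the choice of MIT krb5 option names (allow_weak_crypto, default_tkt_enctypes, default_tgs_enctypes, permitted_enctypes, the "des" family alias) are assumptions of the example.

```python
import re

# Single-DES enctype names from the draft's recommendation, plus "des",
# the MIT krb5 alias for that family (assumption: MIT-style krb5.conf).
SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "des"}
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes",
                "permitted_enctypes"}
TRUE_VALUES = {"true", "t", "yes", "y", "1", "on"}

def audit_krb5_conf(text):
    """Return (line_no, section, message) findings for single-DES usage."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
            continue
        if "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        key = key.lower()
        if key == "allow_weak_crypto" and value.lower() in TRUE_VALUES:
            findings.append((no, section, "allow_weak_crypto enabled"))
        elif key in ENCTYPE_KEYS:
            for tok in re.split(r"[\s,]+", value.lower()):
                # A leading "-" removes an enctype from the list, so only
                # plain or "+"-prefixed single-DES names are findings.
                if not tok.startswith("-") and tok.lstrip("+") in SINGLE_DES:
                    findings.append((no, section, f"{key} lists {tok.lstrip('+')}"))
    return findings

# Constructed sample configuration, not taken from any real deployment.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
    allow_weak_crypto = true
    # legacy clients
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 des-cbc-md5, des-cbc-crc
    permitted_enctypes = DEFAULT -des
"""

if __name__ == "__main__":
    for no, section, msg in audit_krb5_conf(SAMPLE):
        print(f"line {no} [{section}]: {msg}")
```
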
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-lha-des-die-die-die-00.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/