A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Deprecate DES support for Kerberos
Author(s) : L. Astrand
Filename : draft-lha-des-die-die-die-01.txt
Pages : 10
Date : 2009-08-02
A long long time ago DES was standardized. Some 30 years later
(2003) is was withdrawn as a standard by NIST, today 6 years later,
its time for DES to finally die. By 2008 it was possible to brute
force DES keys in 6.4 days using less than USD 10k worth of hardware.
So by 2008 DES had passed its sell-by date. Use in Kerberos should
therefore stop.1. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].2. Background
Kerberos 5 was defined in [RFC1510] and updated in [RFC4120], the
Kerberos crypto system is defined by [RFC3961] and includes support
for DES encryption types. This document move all of the DES
encryption and related checksum types to historic.
DES was withdrawn in [DES-Transition-Plan] by NIST. IETF have also
published its the position in [RFC4772], which in the recommendation
summery is made very clear: "don't use DES".3. Recommendations
This document removes the mandatory-to-implement types from
[RFC4120]: Encryption: DES-CBC-MD5
This document removes the mandatory-to-implement types from [RFC4120]
when used in conjunction with DES-CBC-MD5: Checksums: DES-MD5
Kerberos implementation and deployments SHOULD NOT implement the
single DES encryption types: DES-CBC-MD5, DES-CBC-MD4, DES-CBC-CRC.
Kerberos implementation and deployments SHOULD NOT implement the
checksum type: CRC, RSA-MD4, RSA-MD4-DES, RSA-MAC, RSA-MAC-K, RSA-
MD5, RSA-MD5-DES.
Note that RSA-MD5 might be with non-DES encryption types, for
example, when doing a TGS-REQ with a ARCFOUR-HMAC-MD5 some client
uses RSA-MD5 for the checksum that is stored inside the encrypted
part of the authenticator. This use of RSA-MD5 should probably be
considered safe, so the Kerberos implementation should make sure this
usage is not disabled when used with legacy system that can't handle
newer checksum types.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-lha-des-die-die-die-01.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-lha-des-die-die-die-01.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
