BCP 179, RFC 6649 on Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A new Request for Comments is now available in online RFC libraries.

        BCP 179        
        RFC 6649

        Title:      Deprecate DES, RC4-HMAC-EXP, and Other 
                    Weak Cryptographic Algorithms in Kerberos 
        Author:     L. Hornquist Astrand, T. Yu
        Status:     Best Current Practice
        Stream:     IETF
        Date:       July 2012
        Mailbox:    lha@apple.com, 
                    tlyu@mit.edu
        Pages:      7
        Characters: 13498
        Obsoletes:  RFC1510
        Updates:    RFC1964, RFC4120, RFC4121, RFC4757
        See Also:   BCP0179

        I-D Tag:    draft-ietf-krb-wg-des-die-die-die-04.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6649.txt

The Kerberos 5 network authentication protocol, originally specified
in RFC 1510, can use the Data Encryption Standard (DES) for
encryption.  Almost 30 years after first publishing DES, the National
Institute of Standards and Technology (NIST) finally withdrew the
standard in 2005, reflecting a long-established consensus that DES is
insufficiently secure.  By 2008, commercial hardware costing less
than USD 15,000 could break DES keys in less than a day on average.
DES is long past its sell-by date.  Accordingly, this document
updates RFC 1964, RFC 4120, RFC 4121, and RFC 4757 to deprecate the
use of DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in
Kerberos.  Because RFC 1510 (obsoleted by RFC 4120) supports only
DES, this document recommends the reclassification of RFC 1510 as
Historic.  This memo documents an Internet Best Current Practice.

This document is a product of the Kerberos WG Working Group of the IETF.


BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for 
improvements. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux