Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos
draft-ietf-krb-wg-des-die-die-die-04

RFC
Document Stream: IETF
Last updated: 2012-02-27
Replaces: draft-lha-des-die-die-die
Intended RFC status: Best Current Practice
Other versions: (expired, archived): plain text, pdf, html

IETF State: Submitted to IESG for Publication (krb-wg)
Document shepherd: Sam Hartman
Consensus: Unknown

IESG State: RFC 6649
IANA Action State: No IC 
On agenda of 2012-04-26 IESG telechat
Responsible AD: Stephen Farrell
IESG Note: Sam Hartman (hartmans-ietf@mit.edu) is the document shepherd.
Send notices to: krb-wg-chairs@tools.ietf.org, draft-ietf-krb-wg-des-die-die-die@tools.ietf.org

This Internet-Draft is no longer active. Unofficial copies of old Internet-Drafts can be found here:
http://tools.ietf.org/id/draft-ietf-krb-wg-des-die-die-die.

Abstract:
The Kerberos 5 network authentication protocol, originally specified in RFC 1510, can use the Data Encryption Standard (DES) for encryption. Almost 30 years after first publishing DES, the National Institute of Standards and Technology (NIST) finally withdrew the standard in 2005, reflecting a long-established consensus that DES is insufficiently secure. By 2008, commercial hardware costing less than USD 15,000 could break DES keys in less than a day on average. DES is long past its sell-by date. Accordingly, this document updates RFC 1964, RFC 4120, RFC 4121, and RFC 4757 to deprecate the use of DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos. Because RFC 1510 (obsoleted by RFC 4120) supports only DES, this document recommends the reclassification of RFC 1510 as Historic. This memo documents an Internet Best Current Practice.

Authors:
Love Astrand <lha@apple.com>
Tom Yu <tlyu@mit.edu>

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)