Deprecate DES support for Kerberos
draft-lha-des-die-die-die-05
| Document | Type |
Replaced Internet-Draft
(krb-wg WG)
Expired & archived
|
|
|---|---|---|---|
| Author | Love Astrand | ||
| Last updated | 2012-02-09 (Latest revision 2010-07-10) | ||
| Replaced by | RFC 6649 | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-krb-wg-des-die-die-die | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
A long long time ago Data Encryption Standard (DES) was standardized. Some 30 years later (2003) is was withdrawn as a standard by National Institute of Standards and Technology (NIST), today 6 years later, its time for DES to finally die. By 2008 it was possible to brute force DES keys in 6.4 days using less than USD 10k worth of hardware. So by 2008 DES had passed its sell-by date. This document updates RFC1964, RFC4120, and RFC4121 to deprecate the use of DES in Kerberos. Because the version of Kerberos specified in RFC1510 only supports DES and has been replaced by RFC4120, RFC1510 is reclassified as historic.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)