Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: RFC Editor <firstname.lastname@example.org>, krb-wg mailing list <email@example.com>, krb-wg chair <firstname.lastname@example.org>
Subject: Protocol Action: 'Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos' to Best Current Practice (draft-ietf-krb-wg-des-die-die-die-04.txt)

The IESG has approved the following document:
- 'Deprecate DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos' (draft-ietf-krb-wg-des-die-die-die-04.txt) as a Best Current Practice

This document is the product of the Kerberos Working Group.

The IESG contact persons are Stephen Farrell and Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-krb-wg-des-die-die-die/

The IESG have approved the designation of RFC 1510 as an Historic RFC as requested by this document.

Technical Summary

A long long time ago the Data Encryption Standard (DES) was standardized. Some 30 years later (2005) it was withdrawn as a standard by the National Institute of Standards and Technology (NIST); today, 7 years later, it's time for DES to finally die. By 2008 it was possible to brute force DES keys in 6.4 days using less than USD 10k worth of hardware. So by 2008 DES had passed its sell-by date.

This document updates RFC1964, RFC4120, RFC4121 and RFC 4757 to deprecate the use of DES in Kerberos. Because the version of Kerberos specified in RFC1510 only supports DES and has been replaced by RFC4120, RFC1510 is reclassified as historic.

There is a downward reference to RFC 4757 in order to deprecate an algorithm specified in that RFC; this downward reference is appropriate because reclassifying RFC 4757 as standards track is not desired.

Working Group Summary

This document represents the consensus of the Kerberos Working Group.

Document Quality

At least three major Kerberos implementations have already either implemented the recommendations of this document by removing DES support entirely, or changed their default configuration such that DES and related algorithms deprecated by this document must be explicitly enabled by an administrator before they can be used.

Personnel

The Document Shepherd for this document is Sam Hartman; Jeffrey Hutzelman acted as shepherd for much of the life of this document. The responsible Area Director is Stephen Farrell.

RFC Editor Notes

(1) Abstract

OLD
   this document reclassifies RFC1510 as Historic.
NEW
   this document recommends the reclassification of RFC1510 as Historic.

(2) Section 2

OLD
   Accordingly, this document reclassifies [RFC1510] (obsoleted by [RFC4120]) as Historic
NEW
   Accordingly, this document recommends the reclassification of [RFC1510] (obsoleted by [RFC4120]) as Historic

(3) Section 5

OLD
   This document hereby reclassifies [RFC1510] as Historic.
NEW
   This document recommends the reclassification of [RFC1510] as Historic.

(4) Change from Updates 1510 to Obsoletes 1510 in the header

Please change the header to say that this does not update 1510 (remove 1510 from the list of updated RFCs) and add that this document obsoletes 1510 (if approved) to the header.