Skip Menu |

From: Zhanna Tsitkov <tsitkova@MIT.EDU>
To: krb5-bugs@MIT.EDU
Subject: Documentation__Encryption types
Date: Wed, 30 Jan 2013 14:40:26 -0500
CC: Zhanna Tsitkov <tsitkova@MIT.EDU>
The following are a few suggestions for this document in the order how
they appear in the text:
1. Consider moving the description of the key types into separate
section (Perhaps, under "Kerberos V5 concepts") so it could be
referenced from the other docs such as "Retiring DES", and further
developed if desired;
2. In "Session key selection" mention that the error (and what error)
will be issued if the intersection is empty;
3. In "Configuration variables" try to use x-reference to the
attributes in krb5.conf instead of rewording their description
here. (See how it is done in
4. In "Enctype compatibility" mention that Camellia was disabled by
default in the releases 1.9-1.10;
5. Add a paragraph about the performance vs security trade-offs and
recommendations when setting permitted_enctypes and friends;
6. Mention this article in krb5.conf (Perhaps, in its SeeAlso section)
7. Instead of "krb5-1.11" use "release 1.11" as a commonly used
reference across MIT KC documentation.