In message <tsloeaqgc2s.fsf@xxxxxxxxxx>, Sam Hartman writes:
>
>Hi, folks. The IESG has received a last call comment recommending
>that the new rc4 cipher for ssh be published as informational rather
>than as a proposed standard because of weaknesses in rc4. It would be
>inappropriate to make a decision based on one comment so I am
>soliciting comments on this point.
>
>The argument in favor of publishing this document at proposed is that
>the existing arcfour cipher is part of a standard and that many other
>IETF protocols use rc4 in standards track documents.
>

Correct me if I'm wrong, but the serious problems with RC4 that I know of are related-key attacks. Those don't occur in, say, secsh or TLS. This draft improves the situation somewhat, and is thus good.

That said, I see no problem with strengthening the security considerations section to cite some of these other references. (Arguably, though, those citations belong in a different document on RC4.)

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb