Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?

>>>>> "Steven" == Steven M Bellovin <smb@xxxxxxxxxxxxxxx> writes:

    Steven> ------- Forwarded Message


    Steven> In message <tsloeaqgc2s.fsf@xxxxxxxxxx>, Sam Hartman
    Steven> writes:
    >> 
    >> 
    >> Hi, folks.  The IESG has received a last call comment
    >> recommending that the new rc4 cipher for ssh be published as
    >> informational rather than as a proposed standard because of
    >> weaknesses in rc4.  It would be inappropriate to make a
    >> decision based on one comment so I am soliciting comments on
    >> this point.
    >> 
    >> The argument in favor of publishing this document at proposed
    >> is that the existing arcfour cipher is part of a standard and
    >> that many other IETF protocols use rc4 in standards track
    >> documents.
    >> 

    Steven> Correct me if I'm wrong, but the serious problems with RC4
    Steven> that I know of are related-key attacks.  

That's what I thought too.  However, that seems to be false.  The one
reference currently in the security considerations section is for an
attack to distinguish an RC4 stream from a random stream.  That's much
more serious for ssh and tls than the related-key attacks.

--Sam
