On Wed, Feb 11, 2015 at 01:50:07AM -0500, Daniel Kahn Gillmor wrote: > > RC4 in LOW has a bit of pushback so far. My cover for it is that the > > IETF says "don't use it." So I think saying "if you want it, say so" is > > the way to go. > > I think that's the correct position. People who want to be able to > negotiate a deprecated cipher should need to explicitly state that > that's their intent. I do: aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH The proposal to now misclassify RC4 as LOW (lumped in with single DES and similar) needlessly breaks this. -- Viktor.
