Re: [Cfrg] Fwd: [saag] [Sam Hartman] draft-harris-ssh-arcfour-fixes-02: informational or proposed?
Greg Rose <ggr@qualcomm.com> Wed, 01 June 2005 21:50 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Ddb71-0005LU-Qb; Wed, 01 Jun 2005 17:50:55 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Ddb6x-0005LG-3E for cfrg@megatron.ietf.org; Wed, 01 Jun 2005 17:50:52 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA12004 for <cfrg@ietf.org>; Wed, 1 Jun 2005 17:50:48 -0400 (EDT)
Received: from ithilien.qualcomm.com ([129.46.51.59]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DdbQp-0000eW-Lp for cfrg@ietf.org; Wed, 01 Jun 2005 18:11:25 -0400
Received: from magus.qualcomm.com (magus.qualcomm.com [129.46.61.148]) by ithilien.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id j51LnRdv007586; Wed, 1 Jun 2005 14:49:28 -0700 (PDT)
Received: from grose1.qualcomm.com (dhcp-bldg-l6-76-10.qualcomm.com [129.46.76.238]) by magus.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id j51LnP8B027537 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 1 Jun 2005 14:49:26 -0700 (PDT)
Message-Id: <6.2.1.2.2.20050601144807.04cadf60@203.30.171.17>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2
Date: Wed, 01 Jun 2005 14:49:24 -0700
To: "David A. McGrew" <mcgrew@cisco.com>
From: Greg Rose <ggr@qualcomm.com>
Subject: Re: [Cfrg] Fwd: [saag] [Sam Hartman] draft-harris-ssh-arcfour-fixes-02: informational or proposed?
In-Reply-To: <4cc03b861d2819f817361b3982808a26@cisco.com>
References: <4cc03b861d2819f817361b3982808a26@cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e1b0e72ff1bbd457ceef31828f216a86
Cc: "'cfrg@ietf.org'" <cfrg@ietf.org>
X-BeenThere: cfrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:cfrg@ietf.org>
List-Help: <mailto:cfrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
Sender: cfrg-bounces@ietf.org
Errors-To: cfrg-bounces@ietf.org
I am strongly of the opinion that RC4 should be deprecated, therefore that this RFC shouldn't be published *at all*. Certainly not as a proposed standard. Greg. At 14:41 2005-06-01 -0700, David A. McGrew wrote: >FYI. > >Begin forwarded message: > >>From: Sam Hartman <hartmans-ietf@mit.edu> >>Date: June 1, 2005 12:04:07 PM PDT >>To: ietf-ssh@netbsd.org, saag@mit.edu >>Subject: [saag] [Sam Hartman] draft-harris-ssh-arcfour-fixes-02: >>informational or proposed? >>Reply-To: ietf@ietf.org >> >> >> >>Hi. I believe the following request is of interest to secsh and saag. >> >> >>From: Sam Hartman <hartmans-ietf@mmit.edu.cnri.reston.va.us> >>Date: June 1, 2005 11:35:07 AM PDT >>To: ietf@ietf.org >>Cc: iesg@ietf.org >>Subject: draft-harris-ssh-arcfour-fixes-02: informational or proposed? >> >> >> >> >>Hi, folks. The IESG has received a last call comment recommending >>that the new rc4 cipher for ssh be published as informational rather >>than as a proposed standard because of weaknesses in rc4. It would be >>inappropriate to make a decision based on one comment so I am >>soliciting comments on this point. >> >>The argument in favor of publishing this document at proposed is that >>the existing arcfour cipher is part of a standard and that many other >>IETF protocols use rc4 in standards track documents. >> >> >>Please submit comments to ietf@ietf.org or iesg@ietf.org on this issue >>by 2005-06-28. >> >>Included below is a partial bibliography of RC4 attacks provided to >>the IESG by the person making the original comment. >> >> >> >>S. Fluhrer, I. Mantin, & A. Shamir, "Weaknesses in the Key Scheduling >>Algorithm of RC4", Proceedings of 8th Annual International Workshop >>on Selected areas in Cryptography (SAC 2001), Toronto, ON, CA, >>August 2001. >> >>J. D. Golic, "Linear Statistical Weakness of RC4 Key Generator", >>Procedings of EuroCrypt 1997, Konstanz, DE, May 1997. >> >>S. Fluhrer & D. McGrew, "Statistical Analysis of the RC4 Key >>Generator", Proceedings of 7th International Workshop on Fast >>Software Encryption (FSE 2000), New York, NY, US, April 2000. >> >>S. Mister & S.E. Tavares, "Cryptanalysis of RC4-like Ciphers", >>Proceedings of 5th Annual International Workshop on Selected >>Areas in Cryptography (SAC 1998), Kingston, ON, CA, August 1998. >> >>L. Knudsen, W. Meier, B. Preneel, V. Rijmen, & S. Verdoolaege, >>"Analysis Method for RC4", Proceedings of AsiaCrypt 1998. >> >>R. Wash, "Lecture Notes on Stream Ciphers and RC4", unpublished, >>Case Western Reserve University, OH, US >>http://acm.cwru.edu/files/2002%20Spring/talks/latex_samp2_4_09_02.pdf >> >>S. Paul & B. Preneel, "Analysis of Non-fortuitous Predictive States >>of the RC4 Key Generator", Proceedings of 4th International Conference >>on Cryptology in India (IndoCrypt 2003), New Delhi, IN, December 2003. >> >>_______________________________________________ >>Ietf mailing list >>Ietf@ietf.org >>https://www1.ietf.org/mailman/listinfo/ietf >> >> >> >>_______________________________________________ >>saag mailing list >>saag@mit.edu >>https://jis.mit.edu/mailman/listinfo/saag > >_______________________________________________ >Cfrg mailing list >Cfrg@ietf.org >https://www1.ietf.org/mailman/listinfo/cfrg Greg Rose INTERNET: ggr@qualcomm.com Qualcomm Incorporated VOICE: +1-858-651-5733 FAX: +1-858-651-5766 5775 Morehouse Drive http://people.qualcomm.com/ggr/ San Diego, CA 92121 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C _______________________________________________ Cfrg mailing list Cfrg@ietf.org https://www1.ietf.org/mailman/listinfo/cfrg
- [Cfrg] Fwd: [saag] [Sam Hartman] draft-harris-ssh… David A. McGrew
- Re: [Cfrg] Fwd: [saag] [Sam Hartman] draft-harris… Greg Rose
- RE: [Cfrg] Fwd: [saag] [Sam Hartman]draft-harris-… Blumenthal, Uri
- RE: [Cfrg] Fwd: [saag] [Sam Hartman]draft-harris-… Peter Gutmann