Re: [Curdle] Adoption of rc4-die-die-die document

"Mark D. Baushke" <mdb@juniper.net> Wed, 16 August 2017 19:57 UTC

Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
To: "Salz, Rich" <rsalz@akamai.com>
CC: "curdle@ietf.org" <curdle@ietf.org>
In-Reply-To: <AF662C78-D0D9-4C57-8B45-B95C2311A048@akamai.com>
References: <AF662C78-D0D9-4C57-8B45-B95C2311A048@akamai.com>
Comments: In-reply-to: "Salz, Rich" <rsalz@akamai.com> message dated "Wed, 16 Aug 2017 19:48:28 -0000."
From: "Mark D. Baushke" <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 16 Aug 2017 12:56:59 -0700
Message-ID: <98476.1502913419@eng-mail01.juniper.net>
Sender: mdb@juniper.net
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Aug 2017 19:57:48.5318 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR05MB3425
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/9ZTEOuB_doF7J69rRcUygc81dfo>
Subject: Re: [Curdle] Adoption of rc4-die-die-die document
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2017 19:57:55 -0000

Salz, Rich <rsalz@akamai.com> writes:

> We have adopted draft-ietf-curdle-rc4-die-die-die. Full doc details
> are at
> https://datatracker.ietf.org/doc/draft-ietf-curdle-rc4-die-die-die/
> 
> There are concerns that this document is over-reaching our charter,
> and that a document to remove RC4 from all protocols is beyond our
> scope. It is hard to argue with that ☺
> 
> Should we ask to expand the charter? Daniel suggested maybe a crypto
> policy document, but that probably belongs in SAAG or even IESG.
> 
> So what should be taken out of this document so that we can move
> forward? Or should we ask for the ability to condemn RC4 for all of
> the IETF?

Yes, this is probably technically an IESG issue.

I think that means it is up to our ADs if they want to shepherd this
document to the general IESG, or split it into multiple RFCs for each
area. I am just not sure.

That said, I believe RC4 should be condemned for all of the IETF. So,
who do we need to ask for the ability to speak for all of the IETF about
the insecurity of RC4?

	-- Mark

[Curdle] Adoption of rc4-die-die-die document Salz, Rich
Re: [Curdle] Adoption of rc4-die-die-die document Mark D. Baushke
Re: [Curdle] Adoption of rc4-die-die-die document Loganaden Velvindron
Re: [Curdle] Adoption of rc4-die-die-die document Salz, Rich
Re: [Curdle] Adoption of rc4-die-die-die document Eric Rescorla
Re: [Curdle] Adoption of rc4-die-die-die document Eric Rescorla
Re: [Curdle] Adoption of rc4-die-die-die document Salz, Rich