Protocol Action: 'Prohibiting RC4 Cipher Suites' to Proposed Standard (draft-ietf-tls-prohibiting-rc4-01.txt)

The IESG <> Fri, 09 January 2015 20:10 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id EA1CA1A0406; Fri, 9 Jan 2015 12:10:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yLZ3mMhanHzN; Fri, 9 Jan 2015 12:10:20 -0800 (PST)
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 34AAE1A900A; Fri, 9 Jan 2015 12:10:09 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <>
To: IETF-Announce <>
Subject: Protocol Action: 'Prohibiting RC4 Cipher Suites' to Proposed Standard (draft-ietf-tls-prohibiting-rc4-01.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 5.10.0.p8
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <>
Date: Fri, 09 Jan 2015 12:10:09 -0800
Archived-At: <>
Cc: tls mailing list <>, tls chair <>, RFC Editor <>
X-Mailman-Version: 2.1.15
List-Id: "IETF announcement list. No discussions." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 09 Jan 2015 20:10:22 -0000

The IESG has approved the following document:
- 'Prohibiting RC4 Cipher Suites'
  (draft-ietf-tls-prohibiting-rc4-01.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:

Technical Summary

   This document requires that Transport Layer Security (TLS) clients
   and servers never negotiate the use of RC4 cipher suites when they
   establish connections.

Working Group Summary

   There is strong working group consensus for this document.  During 
   WGLC there was some concern that there may be some 
   implementations that only support RC4 and a "MUST NOT" may not 
   be appropriate for servers.  The was strong consensus within the 
   group to move forward with RC4 as a "MUST NOT."  

   In case it comes up, during AD review I did ask the WG if they
   wanted to go beyond just killing this list of ciphersuites and
   massacre some more, but the answer, as I expected, was that
   no, just doing this is what they want to do for now.

Document Quality

   The document has been reviewed by the TLS working group. There 
   is also significant evidence that  only a very small percentage of 
   deployments only support RC4.  


   The document shepherd is Joseph Salowey.  
   The irresponsible Area Director is Stephen Farrell.

RFC Editor Note

   Please remove the square brackets from the abstract.