draft-harris-ssh-arcfour-fixes-02: informational or proposed?

Sam Hartman <hartmans-ietf@mmit.edu.cnri.reston.va.us> Wed, 01 June 2005 18:35 UTC

To: ietf@ietf.org
From: Sam Hartman <hartmans-ietf@mmit.edu.cnri.reston.va.us>
Date: Wed, 01 Jun 2005 14:35:07 -0400
Cc: iesg@ietf.org


Hi, folks.  The IESG has received a last call comment recommending
that the new rc4 cipher for ssh be published as informational rather
than as a proposed standard because of weaknesses in rc4.  It would be
inappropriate to make a decision based on one comment so I am
soliciting comments on this point.

The argument in favor of publishing this document at proposed is that
the existing arcfour cipher is part of a standard and that many other
IETF protocols use rc4 in standards track documents.


Please submit comments to ietf@ietf.org or iesg@ietf.org on this issue
by 2005-06-28.

Included below is a partial bibliography of RC4 attacks provided to
the IESG by the person making the original comment.



S. Fluhrer, I. Mantin, & A. Shamir, "Weaknesses in the Key Scheduling
Algorithm of RC4", Proceedings of 8th Annual International Workshop
on Selected Areas in Cryptography (SAC 2001), Toronto, ON, CA,
August 2001.

J. D. Golic, "Linear Statistical Weakness of RC4 Key Generator",
Proceedings of EuroCrypt 1997, Konstanz, DE, May 1997.

S. Fluhrer & D. McGrew, "Statistical Analysis of the RC4 Key
Generator", Proceedings of 7th International Workshop on Fast
Software Encryption (FSE 2000), New York, NY, US, April 2000.

S. Mister & S.E. Tavares, "Cryptanalysis of RC4-like Ciphers",
Proceedings of 5th Annual International Workshop on Selected
Areas in Cryptography (SAC 1998), Kingston, ON, CA, August 1998.

L. Knudsen, W. Meier, B. Preneel, V. Rijmen, & S. Verdoolaege,
"Analysis Method for RC4", Proceedings of AsiaCrypt 1998.

R. Wash, "Lecture Notes on Stream Ciphers and RC4", unpublished,
Case Western Reserve University, OH, US
http://acm.cwru.edu/files/2002%20Spring/talks/latex_samp2_4_09_02.pdf

S. Paul & B. Preneel, "Analysis of Non-fortuitous Predictive States
of the RC4 Key Generator", Proceedings of 4th International Conference
on Cryptology in India (IndoCrypt 2003), New Delhi, IN, December 2003.
