Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?

"Steven M. Bellovin" <smb@cs.columbia.edu> Wed, 01 June 2005 19:22 UTC

From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Sam Hartman <hartmans-ietf@mmit.edu.cnri.reston.va.us>
In-Reply-To: Your message of "Wed, 01 Jun 2005 14:35:07 EDT." <tsloeaqgc2s.fsf@cz.mit.edu>
Date: Wed, 01 Jun 2005 15:22:38 -0400
Cc: ietf@ietf.org, iesg@ietf.org
Subject: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?

In message <tsloeaqgc2s.fsf@cz.mit.edu>, Sam Hartman writes:
>
>
>Hi, folks.  The IESG has received a last call comment recommending
>that the new rc4 cipher for ssh be published as informational rather
>than as a proposed standard because of weaknesses in rc4.  It would be
>inappropriate to make a decision based on one comment so I am
>soliciting comments on this point.
>
>The argument in favor of publishing this document at proposed is that
>the existing arcfour cipher is part of a standard and that many other
>IETF protocols use rc4 in standards track documents.
>

Correct me if I'm wrong, but the serious problems with RC4 that I know 
of are related-key attacks.  Those don't occur in, say, secsh or TLS.
This draft improves the situation somewhat, and is thus good.  That 
said, I see no problem with strengthening the security considerations 
section to cite some of these other references.  (Arguably, though, 
those citations belong in a different document on RC4.)

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb


