Resolution of last call comments for draft-harris-ssh-arcfour-fixes-02.txt
Sam Hartman <hartmans-ietf@mit.edu> Wed, 29 June 2005 14:44 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DndnK-0007xI-Uv; Wed, 29 Jun 2005 10:44:06 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DndnI-0007xC-MT for ietf@megatron.ietf.org; Wed, 29 Jun 2005 10:44:04 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA27602 for <ietf@ietf.org>; Wed, 29 Jun 2005 10:44:02 -0400 (EDT)
Received: from carter-zimmerman.mit.edu ([18.18.3.197]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DneCr-0000dt-8R for ietf@ietf.org; Wed, 29 Jun 2005 11:10:30 -0400
Received: by carter-zimmerman.mit.edu (Postfix, from userid 8042) id B4D82E0063; Wed, 29 Jun 2005 10:44:03 -0400 (EDT)
To: bjh21@bjh21.me.uk
mail-followups-to: ietf-ssh@netbsd.org
mail-copies-to: hartmans-ietf@mit.edu, bjh21@bjh21.me.uk
From: Sam Hartman <hartmans-ietf@mit.edu>
Date: Wed, 29 Jun 2005 10:44:03 -0400
Message-ID: <tslmzp9b4uk.fsf@cz.mit.edu>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f
Cc: ietf-ssh@netbsd.org, ietf@ietf.org
Subject: Resolution of last call comments for draft-harris-ssh-arcfour-fixes-02.txt
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
Hi. The last call period on your draft has expired. As you are no doubt aware there was a significant discussion of the suitability of rc4 for use as a standards-track ssh cipher . The community consensus supports publishing this draft on the standards track. However we need to clearly indicate the applicability of this proposal. Please add an applicability statement discussing the performance advantages of RC4 against the known security weaknesses. You may end up reusing text from your security considerations text. Your applicability statement needs to suggest to the reader that they consider the ssh newmodes draft as an alternative to your rc4 ciphers. This alternative should be chosen in environments where the advantages of RC4 do not make it attractive. The reference to the newmodes draft needs to be normative. I believe that the decision to implement this standard requires evaluation of that draft as well. In addition, procedurally the reference to newmodes needs to block publication of this draft so it is not removed. In addition, I'm still waiting to hear back from you on the questions raised in the security directorate review. While these points are minor, they should be addressed. Thanks for all the hard work. Awaiting your revisions, --Sam _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf