Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
Sam Hartman <hartmans-ietf@mit.edu> Wed, 01 June 2005 19:09 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DdYaW-0006lT-JN; Wed, 01 Jun 2005 15:09:12 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DdYaV-0006lG-1y; Wed, 01 Jun 2005 15:09:11 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA16829; Wed, 1 Jun 2005 15:09:07 -0400 (EDT)
Received: from stratton-three-sixty-nine.mit.edu ([18.187.6.114] helo=carter-zimmerman.mit.edu) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DdYuM-0004fY-MH; Wed, 01 Jun 2005 15:29:43 -0400
Received: by carter-zimmerman.mit.edu (Postfix, from userid 8042) id 9F530E0063; Wed, 1 Jun 2005 15:09:04 -0400 (EDT)
To: Keith Moore <moore@cs.utk.edu>
References: <tsloeaqgc2s.fsf@cz.mit.edu> <20050601144334.0165488d.moore@cs.utk.edu>
From: Sam Hartman <hartmans-ietf@mit.edu>
Date: Wed, 01 Jun 2005 15:09:04 -0400
In-Reply-To: <20050601144334.0165488d.moore@cs.utk.edu> (Keith Moore's message of "Wed, 1 Jun 2005 14:43:34 -0400")
Message-ID: <tslbr6php2n.fsf@cz.mit.edu>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7d33c50f3756db14428398e2bdedd581
Cc: ietf@ietf.org, iesg@ietf.org
Subject: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
>>>>> "Keith" == Keith Moore <moore@cs.utk.edu> writes: >> The argument in favor of publishing this document at proposed >> is that the existing arcfour cipher is part of a standard and >> that many other IETF protocols use rc4 in standards track >> documents. Keith> previous mistakes are not valid justifications for new Keith> mistakes. previous accidents are not valid justifications Keith> for deliberately weakening new products. So, that's certainly true. but I can see two points. 1) There is an existing somewhat broken rc4 cipher in the ssh standards-track document. This spec proposes to replace that cipher with one that is much less broken. Why should that be at a lower level of standardization than the existing cipher? 2) The fact that we have rc4 in a lot of standards may suggest that we consider the attacks against it not sufficient to actually count as broken. To some extent this second consideration is targeted at the security community. _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- draft-harris-ssh-arcfour-fixes-02: informational … Sam Hartman
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… Keith Moore
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… Simon Josefsson
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… Sam Hartman
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… Steven M. Bellovin
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… Keith Moore
- Re: [saag] [Sam Hartman] draft-harris-ssh-arcfour… Jeffrey Altman
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… Sam Hartman
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… william(at)elan.net
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… william(at)elan.net
- Re: [saag] [Sam Hartman] draft-harris-ssh-arcfour… Brian E Carpenter
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… Bill Sommerfeld
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… Ben Harris
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… Ben Harris
- Re: draft-harris-ssh-arcfour-fixes-02: informatio… Ben Harris