IETF Logo Mail Archive

Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?

Sam Hartman <hartmans-ietf@mit.edu> Wed, 01 June 2005 19:09 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DdYaW-0006lT-JN; Wed, 01 Jun 2005 15:09:12 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DdYaV-0006lG-1y; Wed, 01 Jun 2005 15:09:11 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA16829; Wed, 1 Jun 2005 15:09:07 -0400 (EDT)
Received: from stratton-three-sixty-nine.mit.edu ([18.187.6.114] helo=carter-zimmerman.mit.edu) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DdYuM-0004fY-MH; Wed, 01 Jun 2005 15:29:43 -0400
Received: by carter-zimmerman.mit.edu (Postfix, from userid 8042) id 9F530E0063; Wed, 1 Jun 2005 15:09:04 -0400 (EDT)
To: Keith Moore <moore@cs.utk.edu>
References: <tsloeaqgc2s.fsf@cz.mit.edu> <20050601144334.0165488d.moore@cs.utk.edu>
From: Sam Hartman <hartmans-ietf@mit.edu>
Date: Wed, 01 Jun 2005 15:09:04 -0400
In-Reply-To: <20050601144334.0165488d.moore@cs.utk.edu> (Keith Moore's message of "Wed, 1 Jun 2005 14:43:34 -0400")
Message-ID: <tslbr6php2n.fsf@cz.mit.edu>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7d33c50f3756db14428398e2bdedd581
Cc: ietf@ietf.org, iesg@ietf.org
Subject: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

>>>>> "Keith" == Keith Moore <moore@cs.utk.edu> writes:

    >> The argument in favor of publishing this document at proposed
    >> is that the existing arcfour cipher is part of a standard and
    >> that many other IETF protocols use rc4 in standards track
    >> documents.

    Keith> previous mistakes are not valid justifications for new
    Keith> mistakes.  previous accidents are not valid justifications
    Keith> for deliberately weakening new products.
So, that's certainly true.  but I can see two points.

1) There is an existing somewhat broken rc4 cipher in the ssh
   standards-track document.  This spec proposes to replace that
   cipher with one that is much less broken.  Why should that be at a lower level of standardization than the existing cipher?

2) The fact that we have rc4 in a lot of standards may suggest that we
    consider the attacks against it not sufficient to actually count
    as broken.  To some extent this second consideration is targeted
    at the security community.


_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email