Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?

Ben Harris <bjh21@bjh21.me.uk> Fri, 03 June 2005 12:54 UTC

From: Ben Harris <bjh21@bjh21.me.uk>
To: william@elan.net, ietf@ietf.org
In-Reply-To: <Pine.LNX.4.62.0506020227100.27968@sokol.elan.net>
References: <tsloeaqgc2s.fsf@cz.mit.edu> <20050601144334.0165488d.moore@cs.utk.edu> <20050601144334.0165488d.moore@cs.utk.edu> <Pine.LNX.4.62.0506020227100.27968@sokol.elan.net>
Organization: Linux Unlimited
Message-Id: <E1De8HA-0005I8-00@chiark.greenend.org.uk>
Date: Fri, 03 Jun 2005 10:15:36 +0100

In article <Pine.LNX.4.62.0506020227100.27968@sokol.elan.net> you write:
>On Wed, 1 Jun 2005, Keith Moore wrote:
>>> The argument in favor of publishing this document at proposed is that
>>> the existing arcfour cipher is part of a standard and that many other
>>> IETF protocols use rc4 in standards track documents.
>>
>> previous mistakes are not valid justifications for new mistakes.
>> previous accidents are not valid justifications for deliberately weakening
>> new products.
>
>Keith,
>
>I think you're right in general. But in this specific case it's not a
>"new product". SSH already uses RC4, the change is increasing size
>of key that may be used.

That's not the only change.  The important aspect of my draft is that it
requires discarding the first 1536 bytes of RC4 keystream.  Apparently RSA
Security have always recommended discarding the start of the keystream, but
SSH (and TLS, for that matter) has ignored this recommendation.  The
addition of support for 256-bit keys was just my taking an opportunity to
bring RC4 into line with the rest of SSH, and to give us a little more
security headroom against any remaining attacks on the key schedule.

-- 
Ben Harris
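As an added illustration (not part of this thread or of the draft), here is a small Python model of the change Ben describes: plain RC4 for reference test vectors, the same keystream with the first 1536 bytes discarded, and a quick count of how often a raw keystream's second byte is 0 (a well-known early-keystream bias; an unbiased stream would give 1/256). Function names, the 16-byte sample key length and the seeded key generator are the example's own.

```python
import random

def rc4_ksa(key: bytes) -> list:
    """RC4 key scheduling: permute 0..255 under a 5..256 byte key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S

def rc4_keystream(key: bytes, n: int, discard: int = 0):
    """Yield n keystream bytes after throwing away the first `discard` bytes."""
    S = rc4_ksa(key)
    i = j = 0
    for k in range(discard + n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        if k >= discard:
            yield S[(S[i] + S[j]) & 0xFF]

def arcfour_encrypt(key: bytes, data: bytes, discard: int = 1536) -> bytes:
    """XOR data with RC4 keystream; the default skips 1536 bytes as the draft requires.
    SSH runs one continuous keystream across all packets; this helper re-keys per
    call purely for illustration (pass discard=0 for classic RC4)."""
    ks = rc4_keystream(key, len(data), discard)
    return bytes(p ^ k for p, k in zip(data, ks))

def second_byte_zero_rate(n_keys: int, key_len: int = 16, seed: int = 1) -> float:
    """Fraction of seeded random keys whose RAW second keystream byte is 0.
    An unbiased stream gives about 1/256; raw RC4 gives roughly 2/256, which is
    the kind of early-keystream weakness the discard is meant to step over."""
    rng = random.Random(seed)  # constructed sample keys, deterministic per seed
    hits = 0
    for _ in range(n_keys):
        key = bytes(rng.getrandbits(8) for _ in range(key_len))
        z = list(rc4_keystream(key, 2))
        hits += z[1] == 0
    return hits / n_keys

if __name__ == "__main__":
    print(arcfour_encrypt(b"Key", b"Plaintext", discard=0).hex())  # classic RC4 vector
    print("raw P(Z2=0) ~", second_byte_zero_rate(16384), "vs ideal", 1 / 256)
```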
