IETF Logo Mail Archive

Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-encrypt-then-mac)

"Peter Yee" <peter@akayla.com> Fri, 11 April 2014 20:00 UTC

Return-Path: <peter@akayla.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 888E01A072E for <tls@ietfa.amsl.com>; Fri, 11 Apr 2014 13:00:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id peC5ZwVH-zMz for <tls@ietfa.amsl.com>; Fri, 11 Apr 2014 13:00:06 -0700 (PDT)
Received: from p3plsmtpa06-04.prod.phx3.secureserver.net (p3plsmtpa06-04.prod.phx3.secureserver.net [173.201.192.105]) by ietfa.amsl.com (Postfix) with ESMTP id 94CA41A03FC for <tls@ietf.org>; Fri, 11 Apr 2014 13:00:05 -0700 (PDT)
Received: from spectre ([173.8.184.78]) by p3plsmtpa06-04.prod.phx3.secureserver.net with id ok031n00R1huGat01k03MT; Fri, 11 Apr 2014 13:00:04 -0700
From: Peter Yee <peter@akayla.com>
To: tls@ietf.org
References: <CABcZeBOvxL7Zws0UNowViBWGaVBgfm3zXt8=dNPKffGfN3q2gA@mail.gmail.com>
In-Reply-To: <CABcZeBOvxL7Zws0UNowViBWGaVBgfm3zXt8=dNPKffGfN3q2gA@mail.gmail.com>
Date: Fri, 11 Apr 2014 13:00:10 -0700
Message-ID: <02f201cf55c0$a58fcbe0$f0af63a0$@akayla.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_02F3_01CF5585.F931B730"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI/IamTI5US4GWYrLOkYV/jd895i5otNdXQ
Content-Language: en-us
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/aV_YnYwEl1hXTms7D8NIcpHNkwc
Subject: Re: [TLS] Deprecating RC4 (was: draft-ietf-tls-encrypt-then-mac)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Apr 2014 20:00:09 -0000

I'm in favor of deprecating RC4 in TLS.  The only plausible arguments I've
heard of are for support of legacy systems.  Given how long it takes new
changes in TLS to be adopted anyhow, we should be deprecating RC4 now and
trying to give legacy systems an impetus to move on to better algorithms.
Given no other guidance there's a lot of inertia that will keep many sites
offering RC4, at least until something catastrophic happens.

 

                -Peter

 

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Eric Rescorla
Sent: Friday, April 11, 2014 11:50 AM
To: tls@ietf.org
Subject: [TLS] Deprecating RC4 (was: draft-ietf-tls-encrypt-then-mac)

 

Folks,

 

Andrei Popov has refreshed his draft on deprecating RC4:

 

http://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-02

 

There was significant WG support for this draft previously and

then the discussion migrated to UTA where it does not seem

to be terminating.

 

The chairs would like to hear from WG members whether they

support adoption of this draft in TLS. While this is not a formal

call for adoption, if we get strong support we will immediately

move for adoption, so now is a good time to raise any

objections you have.

 

-Ekr

v2.23.0 | Report a Bug | By Email