[TLS] Protocol Action: 'Prohibiting RC4 Cipher Suites' to Proposed Standard (draft-ietf-tls-prohibiting-rc4-01.txt)
The IESG <iesg-secretary@ietf.org> Fri, 09 January 2015 20:10 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA1CA1A0406; Fri, 9 Jan 2015 12:10:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yLZ3mMhanHzN; Fri, 9 Jan 2015 12:10:20 -0800 (PST)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 34AAE1A900A; Fri, 9 Jan 2015 12:10:09 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.10.0.p8
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150109201009.26717.62937.idtracker@ietfa.amsl.com>
Date: Fri, 09 Jan 2015 12:10:09 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/wsCZ-NWjZjn4xe83S9nNd2rx1hY>
Cc: tls mailing list <tls@ietf.org>, tls chair <tls-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [TLS] Protocol Action: 'Prohibiting RC4 Cipher Suites' to Proposed Standard (draft-ietf-tls-prohibiting-rc4-01.txt)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Jan 2015 20:10:22 -0000
The IESG has approved the following document: - 'Prohibiting RC4 Cipher Suites' (draft-ietf-tls-prohibiting-rc4-01.txt) as Proposed Standard This document is the product of the Transport Layer Security Working Group. The IESG contact persons are Stephen Farrell and Kathleen Moriarty. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-tls-prohibiting-rc4/ Technical Summary This document requires that Transport Layer Security (TLS) clients and servers never negotiate the use of RC4 cipher suites when they establish connections. Working Group Summary There is strong working group consensus for this document. During WGLC there was some concern that there may be some implementations that only support RC4 and a "MUST NOT" may not be appropriate for servers. The was strong consensus within the group to move forward with RC4 as a "MUST NOT." In case it comes up, during AD review I did ask the WG if they wanted to go beyond just killing this list of ciphersuites and massacre some more, but the answer, as I expected, was that no, just doing this is what they want to do for now. Document Quality The document has been reviewed by the TLS working group. There is also significant evidence that only a very small percentage of deployments only support RC4. Personnel The document shepherd is Joseph Salowey. The irresponsible Area Director is Stephen Farrell. RFC Editor Note Please remove the square brackets from the abstract.