Re: [Uta] On prohibiting RC4

Alyssa Rowan <> Fri, 07 March 2014 14:21 UTC

List-Id: UTA working group mailing list

On 07/03/2014 12:46, Salz, Rich wrote:

> It depends on what you're concerned about.  From a global view, I'm
> concerned about perpass.

As are we all, and the reason for this discussion.

> From a commercial view, I'm perhaps more worried about my customers
> getting through to me.

I understand that: try [000a] TLS_RSA_WITH_3DES_EDE_CBC_SHA as a failsafe
for legacy clients, iff [002f] TLS_RSA_WITH_AES_128_CBC_SHA is not
supported? 3DES is supported as far back as RC4 is; it's not choice
anymore, but it's not precipitously weak, and we were discussing that
back in December and January. Problem solved, as far as I can see?

If any of your customers outright require RC4 specifically, well then
They're Doing It Wrong - and the draft under discussion is the
document that will notify them that they are going directly against
good advice.

>> [re: RC4 is broken in real time by the #NSA - stop using it.]
> You're not seriously expecting me to take this undocumented
> assertion without skepticism, are you?

Of course not. Scepticism is entirely reasonable. I am relaying what
I've been told by sources that _I_ trust, not asking you to trust them
in turn.

But still, being sceptical and ignoring that, it is the best fit for
the huge 'cryptologic breakthrough' that is referenced in the Snowden
docs. Perhaps ask Jacob Applebaum or Bruce Schneier for more info
(although I think if they had any details, they would happily have
disclosed them, and I understand the Snowden docs do not contain
details like that).

For the record, I would love to see such a cryptanalytic breakthrough
documented in the public literature, and I encourage anyone who has
sufficient access to fully disclose it in both the interest of global
security and for the furtherance of science.

Discounting that entirely, even what we know publicly, from 2013,
strongly suggests deprecation of RC4 is already long overdue and we
need to move away from it right now. Surely you don't contest that.

> Not everyone feels this way.

I would be very interested to hear their reasons in detail, but with
respect, their conclusions are simply wrong.

As I have said, passive attacks are available to Eve and can be
applied retrospectively; active attacks are only available to Mallory
and cannot. Passive attacks therefore present a greater threat than
active attacks.

>> so I assume you're simply playing Devil's Advocate here?
> No.

Oh? Forgive my assumption: the arguments in the third-person confused me.

>> If you have any specific points or counterpoints, I'm sure we'd
>> all love to hear them.
> I'll wait until the minutes are published which will hopefully
> contain ekr's view which (rightfully) carries more weight than
> mine.

Very well. I'm sure I shall look forward to reading them.

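The fallback policy proposed in this message, written out as server-side suite selection (an added example, not code from the thread or from any TLS implementation): AES-128-CBC is preferred, 3DES is chosen only when a legacy client offers no AES, and RC4 is never negotiated, so an RC4-only client fails the handshake with a logged reason. The ClientHello bytes are constructed here for illustration; the code points are the IANA TLS cipher suite registrations.

```python
from __future__ import annotations

# IANA cipher suite code points named in the message and the RC4 suites it rejects.
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
}
PREFERRED = 0x002F  # TLS_RSA_WITH_AES_128_CBC_SHA
FAILSAFE = 0x000A   # TLS_RSA_WITH_3DES_EDE_CBC_SHA, legacy clients only


def parse_cipher_suites(blob: bytes) -> list[int]:
    """Parse a ClientHello cipher_suites vector: a 2-byte length followed by
    2-byte code points (RFC 5246, section 7.4.1.2). Rejects truncated or
    odd-length vectors instead of silently reading past the end."""
    if len(blob) < 2:
        raise ValueError("truncated cipher_suites length")
    length = int.from_bytes(blob[:2], "big")
    body = blob[2:2 + length]
    if len(body) != length or length % 2:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(0, length, 2)]


def select_suite(offered: list[int]) -> tuple[int | None, str]:
    """Return (chosen suite or None, reason). Server preference order, not
    client order: AES-128-CBC if offered, otherwise 3DES, never RC4."""
    if PREFERRED in offered:
        return PREFERRED, "AES-128-CBC preferred"
    if FAILSAFE in offered:
        return FAILSAFE, "3DES failsafe: legacy client offered no AES"
    rc4 = [RC4_SUITES[s] for s in offered if s in RC4_SUITES]
    if rc4:
        # The client that "outright requires RC4": refuse, and say why in the log.
        return None, "handshake_failure: client offers only RC4 (%s)" % ", ".join(rc4)
    return None, "handshake_failure: no mutually acceptable suite"


if __name__ == "__main__":
    # Constructed sample vectors: a modern client, a legacy 3DES client, an RC4-only client.
    for hexvec in ("0006002f0005000a", "00040005000a", "000400040005"):
        suites = parse_cipher_suites(bytes.fromhex(hexvec))
        chosen, reason = select_suite(suites)
        print("offered %s -> %s (%s)" % ([hex(s) for s in suites],
                                         hex(chosen) if chosen else "none", reason))
```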