[Uta] On prohibiting RC4

"Salz, Rich" <rsalz@akamai.com> Fri, 07 March 2014 10:02 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "uta@ietf.org" <uta@ietf.org>
Date: Fri, 07 Mar 2014 05:01:51 -0500
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/lTLg1n0GQKmO3Gyrx5FIKoCK-fs
Subject: [Uta] On prohibiting RC4
List-Id: UTA working group mailing list <uta.ietf.org>

As requested, posting this to the list.  My concern about the "prohibiting RC4" draft is that it is too broad.  For TLS 1.1 and beyond, we should definitely not use RC4 as there are better alternatives.  For TLS 1.0, a case can be made that RC4 is the best choice, or the least-worst.  For example, see http://blog.cloudflare.com/killing-rc4 (including the comments).

--
Principal Security Engineer
Akamai Technology
Cambridge, MA