>>>>> "Steven" == Steven M Bellovin <[EMAIL PROTECTED]> writes:

    Steven> ------- Forwarded Message


    Steven> In message <[EMAIL PROTECTED]>, Sam Hartman
    Steven> writes:
    >> 
    >> 
    >> Hi, folks.  The IESG has received a last call comment
    >> recommending that the new rc4 cipher for ssh be published as
    >> informational rather than as a proposed standard because of
    >> weaknesses in rc4.  It would be inappropriate to make a
    >> decision based on one comment so I am soliciting comments on
    >> this point.
    >> 
    >> The argument in favor of publishing this document at proposed
    >> is that the existing arcfour cipher is part of a standard and
    >> that many other IETF protocols use rc4 in standards track
    >> documents.
    >> 

    Steven> Correct me if I'm wrong, but the serious problems with RC4
    Steven> that I know of are related-key attacks.  

That's what I thought too.  However, that seems to be false.  The one
reference currently in the security considerations section is for an
attack to distinguish an RC4 stream from a random stream.  That's much
more serious for ssh and tls than the related-key attacks.

--Sam

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
