RC4 has been deprecated for over a decade: the first flaws were found in 2001, and RC4 was fully-broken in WEP in 2004. Yes, there has been movement back to RC4 due to the beast attacks, but the fact that it's "the best of a bad bunch" should not fool us. As Schneier said before the recent NSA disclosures, "There's no reason to panic here. But let's start to move away from RC4 to something like AES." ( https://www.schneier.com/blog/archives/2013/03/new_rc4_attack.html). This is not speculation. There are real attacks on RC4, and they will only get better with time.
But yes, let's get to TLS 1.2 first. --scott _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
