Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?

To: Keith Moore <moore at cs.utk.edu>
Subject: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
From: Sam Hartman <hartmans-ietf at mit.edu>
Date: Wed, 01 Jun 2005 15:09:04 -0400
Cc: ietf at ietf.org, iesg at ietf.org
In-reply-to: <20050601144334.0165488d.moore@cs.utk.edu> (Keith Moore's message of "Wed, 1 Jun 2005 14:43:34 -0400")
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <tsloeaqgc2s.fsf@cz.mit.edu> <20050601144334.0165488d.moore@cs.utk.edu>
Sender: ietf-bounces at ietf.org
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)

>>>>> "Keith" == Keith Moore <moore at cs.utk.edu> writes:

    >> The argument in favor of publishing this document at proposed
    >> is that the existing arcfour cipher is part of a standard and
    >> that many other IETF protocols use rc4 in standards track
    >> documents.

    Keith> previous mistakes are not valid justifications for new
    Keith> mistakes.  previous accidents are not valid justifications
    Keith> for deliberately weakening new products.
So, that's certainly true.  but I can see two points.

1) There is an existing somewhat broken rc4 cipher in the ssh
   standards-track document.  This spec proposes to replace that
   cipher with one that is much less broken.  Why should that be at a lower level of standardization than the existing cipher?

2) The fact that we have rc4 in a lot of standards may suggest that we
    consider the attacks against it not sufficient to actually count
    as broken.  To some extent this second consideration is targeted
    at the security community.


_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
  - From: Keith Moore

References:
- draft-harris-ssh-arcfour-fixes-02: informational or proposed?
  - From: Sam Hartman
- Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
  - From: Keith Moore

Prev by Date: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
Next by Date: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
Previous by thread: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
Next by thread: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.