Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?

To: Keith Moore <moore at cs.utk.edu>
Subject: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
From: "william(at)elan.net" <william at elan.net>
Date: Thu, 2 Jun 2005 02:31:23 -0700 (PDT)
Cc: ietf at ietf.org
In-reply-to: <20050601144334.0165488d.moore@cs.utk.edu>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <tsloeaqgc2s.fsf@cz.mit.edu> <20050601144334.0165488d.moore@cs.utk.edu>
Sender: ietf-bounces at ietf.org


On Wed, 1 Jun 2005, Keith Moore wrote:

The argument in favor of publishing this document at proposed is that
the existing arcfour cipher is part of a standard and that many other
IETF protocols use rc4 in standards track documents.


previous mistakes are not valid justifications for new mistakes.
previous accidents are not valid justifications for deliberately weakening
new products.


Keith,

I think you're right in general. But in this specific case its not a
"new product". SSH already uses RC4, the change is increasing size
of key that maybe used. Admittedly it does not fix problems with SSH
using RC4 in general, but the update provide for better security
then current system and is definitely not weakening it.

--
William Leibzon
Elan Networks
william at elan.net

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
  - From: Ben Harris

References:
- draft-harris-ssh-arcfour-fixes-02: informational or proposed?
  - From: Sam Hartman
- Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
  - From: Keith Moore

Prev by Date: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
Next by Date: Re: [saag] [Sam Hartman] draft-harris-ssh-arcfour-fixes-02: informational or proposed?
Previous by thread: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
Next by thread: Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: draft-harris-ssh-arcfour-fixes-02: informational or proposed?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.