"Keith" == Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:
>> The argument in favor of publishing this document at proposed
>> is that the existing arcfour cipher is part of a standard and
>> that many other IETF protocols use rc4 in standards track
Keith> previous mistakes are not valid justifications for new
Keith> mistakes. previous accidents are not valid justifications
Keith> for deliberately weakening new products.
So, that's certainly true, but I can see two points.

1) There is an existing somewhat broken rc4 cipher in the ssh
standards-track document. This spec proposes to replace that
cipher with one that is much less broken. Why should that be at a lower
level of standardization than the existing cipher?

2) The fact that we have rc4 in a lot of standards may suggest that we
consider the attacks against it not sufficient to actually count
as broken. To some extent this second consideration is targeted
at the security community.
Ietf mailing list