In message <tsloeaqgc2s(_dot_)fsf(_at_)cz(_dot_)mit(_dot_)edu>, Sam Hartman

Hi, folks. The IESG has received a last call comment recommending
that the new rc4 cipher for ssh be published as informational rather
than as a proposed standard because of weaknesses in rc4. It would be
inappropriate to make a decision based on one comment so I am
soliciting comments on this point.

The argument in favor of publishing this document at proposed is that
the existing arcfour cipher is part of a standard and that many other
IETF protocols use rc4 in standards track documents.

Correct me if I'm wrong, but the serious problems with RC4 that I know
of are related-key attacks. Those don't occur in, say, secsh or TLS.
This draft improves the situation somewhat, and is thus good. That
said, I see no problem with strengthening the security considerations
section to cite some of these other references. (Arguably, though,
those citations belong in a different document on RC4.)

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb