John C Klensin wrote:
(Btw -- unless your enemy is the NSA or its non-US equivalents,
cryptanalysis is the least of your worries. Hacking in is so
The references were exceptionally useful, thank you. I wasn't aware of
the earlier RC4 work in Japan.
Deprecating RC4 was already part of the plan, although the
interoperability issues in the SMTP space are quite different from the
browser space: there are still millions of Exchange Servers out there
whose only viable ciphers are RC4 and 3DES. And despite all the advances
in CPU power over the years, 3DES is still expensive.
The idea of reordering the EHLO response was always a kludge, but I was
still curious if it was a statistically interesting kludge.
ietf-smtp mailing list