Re: Arcfour & RC4

To: Chris Lonvick <clonvick%cisco.com@localhost>
Subject: Re: Arcfour & RC4
From: Rodney Thayer <rodney%canola-jones.com@localhost>
Date: Wed, 09 Mar 2005 15:00:24 -0800

This is an artifact of history.

Arcfour was brought into the IETF world back in the TLS days. The folksat SSH and I coded ARCFOUR, from Schneier, so that we'd have a copy ofthe algorithm that wasn't tied up inside the RSA intellectual property.

The term "RC4" is trade marked by RSA. The algorithm leaked into thepublic domain several years ago, in effect

(#include <I-am-not-a-lawyer.h>)

The text you refer to sounds like the ARCFOUR draft from way back when ;-)

Chris Lonvick wrote:

Hi,

I went to the IPR WG meeting on Monday and learned lots.  But enough about
me...

The current [TRANS] document references Arcfour as an acceptable
algorithm.  It also references RC4 in a somewhat oblique way as follows:

   The "arcfour" is the Arcfour stream cipher with 128 bit keys.  The
   Arcfour cipher is believed to be compatible with the RC4 cipher
   [SCHNEIER].  Arcfour (and RC4) has problems with weak keys, and
   should be used with caution.

The parts about RC4 sound editorial to me.  I also don't think that the
document should say that there is a "belief" in compatability; they either
are provably compatible, or the document should remain silent on that
point.  As such, I propose to change the text to the following:

   The "arcfour" cipher is the Arcfour stream cipher with 128 bit keys
   [SCHNEIER].  Arcfour has problems with weak keys, and should be used
   with caution.

Please let me know if you disagree with this proposal.

Thanks,
Chris

Follow-Ups:
- Re: Arcfour & RC4
  - From: Chris Lonvick

References:
- Arcfour & RC4
  - From: Chris Lonvick

Prev by Date: Re: Arcfour & RC4
Next by Date: Re: "Host name" definition somewhere in the ID set?
Previous by Thread: Re: Arcfour & RC4
Next by Thread: Re: Arcfour & RC4
Indexes:

Home | Main Index | Thread Index | Old Index