IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Arcfour & RC4
Hi Rodney,
Can you tell me why draft-kaukonen-cipher-arcfour-03.txt expired rather
than being published as an RFC? IANAL either.
Thanks,
Chris
On Wed, 9 Mar 2005, Rodney Thayer wrote:
> This is an artifact of history.
>
> Arcfour was brought into the IETF world back in the TLS days. The folks
> at SSH and I coded ARCFOUR, from Schneier, so that we'd have a copy of
> the algorithm that wasn't tied up inside the RSA intellectual property.
>
> The term "RC4" is trade marked by RSA. The algorithm leaked into the
> public domain several years ago, in effect
> (#include <I-am-not-a-lawyer.h>)
>
> The text you refer to sounds like the ARCFOUR draft from way back when ;-)
>
> Chris Lonvick wrote:
> > Hi,
> >
> > I went to the IPR WG meeting on Monday and learned lots. But enough about
> > me...
> >
> > The current [TRANS] document references Arcfour as an acceptable
> > algorithm. It also references RC4 in a somewhat oblique way as follows:
> >
> > The "arcfour" is the Arcfour stream cipher with 128 bit keys. The
> > Arcfour cipher is believed to be compatible with the RC4 cipher
> > [SCHNEIER]. Arcfour (and RC4) has problems with weak keys, and
> > should be used with caution.
> >
> > The parts about RC4 sound editorial to me. I also don't think that the
> > document should say that there is a "belief" in compatability; they either
> > are provably compatible, or the document should remain silent on that
> > point. As such, I propose to change the text to the following:
> >
> > The "arcfour" cipher is the Arcfour stream cipher with 128 bit keys
> > [SCHNEIER]. Arcfour has problems with weak keys, and should be used
> > with caution.
> >
> > Please let me know if you disagree with this proposal.
> >
> > Thanks,
> > Chris
> >
> >
>
Home |
Main Index |
Thread Index |
Old Index