Re: Arcfour & RC4

[Chris Lonvick <clonvick%cisco.com@localhost>]

Hi Rodney,

Can you tell me why draft-kaukonen-cipher-arcfour-03.txt expired rather
than being published as an RFC?  IANAL either.

Thanks,
Chris

On Wed, 9 Mar 2005, Rodney Thayer wrote:

> This is an artifact of history.
>
> Arcfour was brought into the IETF world back in the TLS days.  The folks
> at SSH and I coded ARCFOUR, from Schneier, so that we'd have a copy of
> the algorithm that wasn't tied up inside the RSA intellectual property.
>
> The term "RC4" is trade marked by RSA.  The algorithm leaked into the
> public domain several years ago, in effect
> (#include <I-am-not-a-lawyer.h>)
>
> The text you refer to sounds like the ARCFOUR draft from way back when ;-)
>
> Chris Lonvick wrote:
> > Hi,
> >
> > I went to the IPR WG meeting on Monday and learned lots.  But enough about
> > me...
> >
> > The current [TRANS] document references Arcfour as an acceptable
> > algorithm.  It also references RC4 in a somewhat oblique way as follows:
> >
> >    The "arcfour" is the Arcfour stream cipher with 128 bit keys.  The
> >    Arcfour cipher is believed to be compatible with the RC4 cipher
> >    [SCHNEIER].  Arcfour (and RC4) has problems with weak keys, and
> >    should be used with caution.
> >
> > The parts about RC4 sound editorial to me.  I also don't think that the
> > document should say that there is a "belief" in compatability; they either
> > are provably compatible, or the document should remain silent on that
> > point.  As such, I propose to change the text to the following:
> >
> >    The "arcfour" cipher is the Arcfour stream cipher with 128 bit keys
> >    [SCHNEIER].  Arcfour has problems with weak keys, and should be used
> >    with caution.
> >
> > Please let me know if you disagree with this proposal.
> >
> > Thanks,
> > Chris
> >
> >
>