IETF-SSH archive


Re: Arcfour & RC4



Hi,

Then I'll go with the advice given by our AD and Jeffrey; no changes to
the IDs for this.  As there is a process to produce an Informational RFC
now, (and we're kinda cooling our heels for the moment,) would you
consider resurrecting cipher-arcfour?  It's still viable and would be a
good reference for this and other efforts.

I agree that the IETF process is improving - we're becoming an
acknowledged Standards Developing Organization (SDO).

Thanks,
Chris

On Wed, 9 Mar 2005, Rodney Thayer wrote:

> Basically because there was no clear mechanism at the time to get it to
> informational.  The IETF has been a rat's nest of arcane, undocumented,
> and inconsistent procedures, of course, and it is apparently getting
> better, but at the time we couldn't figure out how to get it to RFC status.
>
> That's the vulnerability in the IETF - it's easier to route around it
> than work through it.
>
> Chris Lonvick wrote:
> > Hi Rodney,
> >
> > Can you tell me why draft-kaukonen-cipher-arcfour-03.txt expired rather
> > than being published as an RFC?  IANAL either.
> >
> > Thanks,
> > Chris
> >
> > On Wed, 9 Mar 2005, Rodney Thayer wrote:
> >
> >
> >>This is an artifact of history.
> >>
> >>Arcfour was brought into the IETF world back in the TLS days.  The folks
> >>at SSH and I coded ARCFOUR, from Schneier, so that we'd have a copy of
> >>the algorithm that wasn't tied up inside the RSA intellectual property.
> >>
> >>The term "RC4" is trademarked by RSA.  The algorithm leaked into the
> >>public domain several years ago, in effect
> >>(#include <I-am-not-a-lawyer.h>)
> >>
> >>The text you refer to sounds like the ARCFOUR draft from way back when ;-)
> >>
> >>Chris Lonvick wrote:
> >>
> >>>Hi,
> >>>
> >>>I went to the IPR WG meeting on Monday and learned lots.  But enough about
> >>>me...
> >>>
> >>>The current [TRANS] document references Arcfour as an acceptable
> >>>algorithm.  It also references RC4 in a somewhat oblique way as follows:
> >>>
> >>>   The "arcfour" is the Arcfour stream cipher with 128 bit keys.  The
> >>>   Arcfour cipher is believed to be compatible with the RC4 cipher
> >>>   [SCHNEIER].  Arcfour (and RC4) has problems with weak keys, and
> >>>   should be used with caution.
> >>>
> >>>The parts about RC4 sound editorial to me.  I also don't think that the
> >>>document should say that there is a "belief" in compatibility; they either
> >>>are provably compatible, or the document should remain silent on that
> >>>point.  As such, I propose to change the text to the following:
> >>>
> >>>   The "arcfour" cipher is the Arcfour stream cipher with 128 bit keys
> >>>   [SCHNEIER].  Arcfour has problems with weak keys, and should be used
> >>>   with caution.
> >>>
> >>>Please let me know if you disagree with this proposal.
> >>>
> >>>Thanks,
> >>>Chris
> >>>
> >>>
> >>
> >
> >
>


