IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Arcfour & RC4
Hi,
Then I'll go with the advice given by our AD and Jeffrey; no changes to
the IDs for this. As there is a process to produce an Informational RFC
now, (and we're kind'a cooling our heels for the moment,) would you
consider resurrecting cipher-arcfour? It's still viable and would be a
good reference for this and other efforts.
I agree that the IETF process is improving - we're becoming an
acknowledged Standards Developing Organization (SDO).
Thanks,
Chris
On Wed, 9 Mar 2005, Rodney Thayer wrote:
> Basically because there was no clear mechanism at the time to get it to
> informational. The IETF has been a rat's nest of arcane, undocumented,
> and inconsistent procedures, of course, and it is apparently getting
> better, but at the time we couldn't figure out how to get it to RFC status.
>
> That's the vulnerability in the IETF - it's easier to route around it
> than work through it.
>
> Chris Lonvick wrote:
> > Hi Rodney,
> >
> > Can you tell me why draft-kaukonen-cipher-arcfour-03.txt expired rather
> > than being published as an RFC? IANAL either.
> >
> > Thanks,
> > Chris
> >
> > On Wed, 9 Mar 2005, Rodney Thayer wrote:
> >
> >
> >>This is an artifact of history.
> >>
> >>Arcfour was brought into the IETF world back in the TLS days. The folks
> >>at SSH and I coded ARCFOUR, from Schneier, so that we'd have a copy of
> >>the algorithm that wasn't tied up inside the RSA intellectual property.
> >>
> >>The term "RC4" is trade marked by RSA. The algorithm leaked into the
> >>public domain several years ago, in effect
> >>(#include <I-am-not-a-lawyer.h>)
> >>
> >>The text you refer to sounds like the ARCFOUR draft from way back when ;-)
> >>
> >>Chris Lonvick wrote:
> >>
> >>>Hi,
> >>>
> >>>I went to the IPR WG meeting on Monday and learned lots. But enough about
> >>>me...
> >>>
> >>>The current [TRANS] document references Arcfour as an acceptable
> >>>algorithm. It also references RC4 in a somewhat oblique way as follows:
> >>>
> >>> The "arcfour" is the Arcfour stream cipher with 128 bit keys. The
> >>> Arcfour cipher is believed to be compatible with the RC4 cipher
> >>> [SCHNEIER]. Arcfour (and RC4) has problems with weak keys, and
> >>> should be used with caution.
> >>>
> >>>The parts about RC4 sound editorial to me. I also don't think that the
> >>>document should say that there is a "belief" in compatability; they either
> >>>are provably compatible, or the document should remain silent on that
> >>>point. As such, I propose to change the text to the following:
> >>>
> >>> The "arcfour" cipher is the Arcfour stream cipher with 128 bit keys
> >>> [SCHNEIER]. Arcfour has problems with weak keys, and should be used
> >>> with caution.
> >>>
> >>>Please let me know if you disagree with this proposal.
> >>>
> >>>Thanks,
> >>>Chris
> >>>
> >>>
> >>
> >
> >
>
Home |
Main Index |
Thread Index |
Old Index