IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Resolution of last call comments for draft-harris-ssh-arcfour-fixes-02.txt




Hi.  The last call period on your draft has expired.  As you are no
doubt aware there was a significant discussion of the suitability of
rc4 for use as a standards-track ssh cipher .

The community consensus supports publishing this draft on the
standards track.  However we need to clearly indicate the
applicability of this proposal.

Please add an applicability statement discussing the performance
advantages of RC4 against the known security weaknesses.  You may end
up reusing text from your security considerations text.  Your
applicability statement needs to suggest to the reader that they
consider the ssh newmodes draft as an alternative to your rc4 ciphers.
This alternative should be chosen in environments where the advantages
of RC4 do not make it attractive.



The reference to the newmodes draft needs to be normative.  I believe
that the decision to implement this standard requires evaluation of
that draft as well.  In addition, procedurally the reference to
newmodes needs to block publication of this draft so it is not
removed.

In addition, I'm still waiting to hear back from you on the questions
raised in the security directorate review.  While these points are
minor, they should be addressed.


Thanks for all the hard work.

Awaiting your revisions,

--Sam




Home | Main Index | Thread Index | Old Index