draft-ietf-curdle-rc4-die-die-die-17.txt   draft-ietf-curdle-rc4-die-die-die-18.txt 
Internet Engineering Task Force L. Camara Internet Engineering Task Force L. Velvindron
Internet-Draft Internet-Draft cyberstorm.mu
Updates: 4253 (if approved) L. Velvindron Updates: 4253 (if approved) November 25, 2019
Intended status: Best Current Practice cyberstorm.mu Intended status: Best Current Practice
Expires: April 23, 2020 October 21, 2019 Expires: May 28, 2020
Deprecating RC4 in Secure Shell (SSH) Deprecating RC4 in Secure Shell (SSH)
draft-ietf-curdle-rc4-die-die-die-17 draft-ietf-curdle-rc4-die-die-die-18
Abstract Abstract
This document deprecates RC4 in Secure Shell (SSH). Therefore, this This document deprecates RC4 in Secure Shell (SSH). Therefore, this
document formally moves RFC4345 to historic status. document formally moves RFC4345 to historic status.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 23, 2020. This Internet-Draft will expire on May 28, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 16 skipping to change at page 2, line 16
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2
2. Updates to RFC 4253 . . . . . . . . . . . . . . . . . . . . . 2 2. Updates to RFC 4253 . . . . . . . . . . . . . . . . . . . . . 2
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 3 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 3
5. Security Considerations . . . . . . . . . . . . . . . . . . . 3 5. Security Considerations . . . . . . . . . . . . . . . . . . . 3
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
6.1. Normative References . . . . . . . . . . . . . . . . . . 4 6.1. Normative References . . . . . . . . . . . . . . . . . . 4
6.2. Informative References . . . . . . . . . . . . . . . . . 4 6.2. Informative References . . . . . . . . . . . . . . . . . 4
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 4 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 4
1. Introduction 1. Introduction
The usage of RC4 suites ( also designated as arcfour ) for SSH are The usage of RC4 suites ( also designated as arcfour ) for SSH are
specified in [RFC4253] and [RFC4345]. [RFC4253] specifies the specified in [RFC4253] and [RFC4345]. [RFC4253] specifies the
allocation of the "arcfour" cipher for SSH. [RFC4345] specifies and allocation of the "arcfour" cipher for SSH. [RFC4345] specifies and
allocates the "arcfour128" and "arcfour256" ciphers for SSH. RC4 allocates the "arcfour128" and "arcfour256" ciphers for SSH. RC4
encryption has known weaknesses [RFC7465] [RFC8429], and the encryption has known weaknesses [RFC7465] [RFC8429], and the
deprecation process should be begun for their use in Secure Shell deprecation process should be begun for their use in Secure Shell
(SSH) [RFC4253]. Accordingly, [RFC4253] is updated to note the (SSH) [RFC4253]. Accordingly, [RFC4253] is updated to note the
skipping to change at page 3, line 5 skipping to change at page 3, line 5
+---------------+-----------------+---------------------------------+ +---------------+-----------------+---------------------------------+
| arcfour | OPTIONAL | the ARCFOUR stream cipher with | | arcfour | OPTIONAL | the ARCFOUR stream cipher with |
| | | a 128-bit key | | | | a 128-bit key |
+---------------+-----------------+---------------------------------+ +---------------+-----------------+---------------------------------+
This current document updates the status of the "arcfour" ciphers in This current document updates the status of the "arcfour" ciphers in
the list of [RFC4253] Section 6.3 by moving it from OPTIONAL to MUST the list of [RFC4253] Section 6.3 by moving it from OPTIONAL to MUST
NOT. NOT.
+----------+-----------+--------------------------------------------+ +-----------+-----------+-------------------------------------------+
| arcfour | MUST NOT | the ARCFOUR stream cipher with a 128-bit | | arcfour | MUST NOT | the ARCFOUR stream cipher with a 128-bit |
| | | key | | | | key |
+----------+-----------+--------------------------------------------+ +-----------+-----------+-------------------------------------------+
[RFC4253] defines the "arcfour" ciphers with the text mentioned [RFC4253] defines the "arcfour" ciphers with the text mentioned
below: below:
The "arcfour" cipher is the Arcfour stream cipher with 128-bit keys. The "arcfour" cipher is the Arcfour stream cipher with 128-bit keys.
The Arcfour cipher is compatible with the RC4 cipher [SCHNEIER]. The Arcfour cipher is compatible with the RC4 cipher [SCHNEIER].
Arcfour (and RC4) has problems with weak keys, and should be used Arcfour (and RC4) has problems with weak keys, and should be used
with caution. with caution.
This current document updates [RFC4253] Section 6.3 by replacing the This current document updates [RFC4253] Section 6.3 by replacing the
skipping to change at page 3, line 33 skipping to change at page 3, line 33
Arcfour (and RC4) has known weaknesses [RFC7465] [RFC8429], and MUST Arcfour (and RC4) has known weaknesses [RFC7465] [RFC8429], and MUST
NOT be used. NOT be used.
3. IANA Considerations 3. IANA Considerations
The IANA is requested to update the Encryption Algorithm Name The IANA is requested to update the Encryption Algorithm Name
Registry of the Secure Shell (SSH) Protocol Parameters [IANA]. The Registry of the Secure Shell (SSH) Protocol Parameters [IANA]. The
Registration procedure is IETF Review which is achieved by this Registration procedure is IETF Review which is achieved by this
document. The registry should be updated as follows: document. The registry should be updated as follows:
+------------------------------+------------+------+ +------------------------------+---------------+---------+
| Encryption Algorithm Name | Reference | Note | | Encryption Algorithm Name | Reference | Note |
+------------------------------+------------+------+ +------------------------------+---------------+---------+
| arcfour | [RFC-TBD] | | | arcfour | [RFC-TBD] | |
| arcfour128 | [RFC-TBD] | | | arcfour128 | [RFC-TBD] | |
| arcfour256 | [RFC-TBD] | | | arcfour256 | [RFC-TBD] | |
+------------------------------+------------+------+ +------------------------------+---------------+---------+
Where TBD is the RFC number assigned to the document. Where TBD is the RFC number assigned to the document.
4. Acknowledgements 4. Acknowledgements
The authors would like to thank Eric Rescorla, Daniel Migault and The authors would like to thank Eric Rescorla, Daniel Migault and
Rich Salz. Rich Salz.
5. Security Considerations 5. Security Considerations
skipping to change at page 4, line 46 skipping to change at page 4, line 46
[RFC8429] Kaduk, B. and M. Short, "Deprecate Triple-DES (3DES) and [RFC8429] Kaduk, B. and M. Short, "Deprecate Triple-DES (3DES) and
RC4 in Kerberos", BCP 218, RFC 8429, DOI 10.17487/RFC8429, RC4 in Kerberos", BCP 218, RFC 8429, DOI 10.17487/RFC8429,
October 2018, <https://www.rfc-editor.org/info/rfc8429>. October 2018, <https://www.rfc-editor.org/info/rfc8429>.
[SCHNEIER] [SCHNEIER]
Schneier, B., "Applied Cryptography Second Edition: Schneier, B., "Applied Cryptography Second Edition:
protocols algorithms and source in code in C", , 1996, protocols algorithms and source in code in C", , 1996,
<SCHNEIER>. <SCHNEIER>.
Authors' Addresses Author's Address
Luis Camara
Email: luis.camara@live.com.pt
Loganaden Velvindron Loganaden Velvindron
cyberstorm.mu cyberstorm.mu
Mauritius Mauritius
Email: logan@cyberstorm.mu Email: logan@cyberstorm.mu
 End of changes. 8 change blocks. 
23 lines changed or deleted 20 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/