| draft-ietf-curdle-rc4-die-die-die-17.txt | draft-ietf-curdle-rc4-die-die-die-18.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force L. Camara | Internet Engineering Task Force L. Velvindron | |||
| Internet-Draft | Internet-Draft cyberstorm.mu | |||
| Updates: 4253 (if approved) L. Velvindron | Updates: 4253 (if approved) November 25, 2019 | |||
| Intended status: Best Current Practice cyberstorm.mu | Intended status: Best Current Practice | |||
| Expires: April 23, 2020 October 21, 2019 | Expires: May 28, 2020 | |||
| Deprecating RC4 in Secure Shell (SSH) | Deprecating RC4 in Secure Shell (SSH) | |||
| draft-ietf-curdle-rc4-die-die-die-17 | draft-ietf-curdle-rc4-die-die-die-18 | |||
| Abstract | Abstract | |||
| This document deprecates RC4 in Secure Shell (SSH). Therefore, this | This document deprecates RC4 in Secure Shell (SSH). Therefore, this | |||
| document formally moves RFC4345 to historic status. | document formally moves RFC4345 to historic status. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 32 ¶ | skipping to change at page 1, line 32 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 23, 2020. | This Internet-Draft will expire on May 28, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 16 ¶ | skipping to change at page 2, line 16 ¶ | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 | 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Updates to RFC 4253 . . . . . . . . . . . . . . . . . . . . . 2 | 2. Updates to RFC 4253 . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 | 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 3 | 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 3 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 3 | |||
| 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 6.1. Normative References . . . . . . . . . . . . . . . . . . 4 | 6.1. Normative References . . . . . . . . . . . . . . . . . . 4 | |||
| 6.2. Informative References . . . . . . . . . . . . . . . . . 4 | 6.2. Informative References . . . . . . . . . . . . . . . . . 4 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 4 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 1. Introduction | 1. Introduction | |||
| The usage of RC4 suites ( also designated as arcfour ) for SSH are | The usage of RC4 suites ( also designated as arcfour ) for SSH are | |||
| specified in [RFC4253] and [RFC4345]. [RFC4253] specifies the | specified in [RFC4253] and [RFC4345]. [RFC4253] specifies the | |||
| allocation of the "arcfour" cipher for SSH. [RFC4345] specifies and | allocation of the "arcfour" cipher for SSH. [RFC4345] specifies and | |||
| allocates the "arcfour128" and "arcfour256" ciphers for SSH. RC4 | allocates the "arcfour128" and "arcfour256" ciphers for SSH. RC4 | |||
| encryption has known weaknesses [RFC7465] [RFC8429], and the | encryption has known weaknesses [RFC7465] [RFC8429], and the | |||
| deprecation process should be begun for their use in Secure Shell | deprecation process should be begun for their use in Secure Shell | |||
| (SSH) [RFC4253]. Accordingly, [RFC4253] is updated to note the | (SSH) [RFC4253]. Accordingly, [RFC4253] is updated to note the | |||
| skipping to change at page 3, line 5 ¶ | skipping to change at page 3, line 5 ¶ | |||
| +---------------+-----------------+---------------------------------+ | +---------------+-----------------+---------------------------------+ | |||
| | arcfour | OPTIONAL | the ARCFOUR stream cipher with | | | arcfour | OPTIONAL | the ARCFOUR stream cipher with | | |||
| | | | a 128-bit key | | | | | a 128-bit key | | |||
| +---------------+-----------------+---------------------------------+ | +---------------+-----------------+---------------------------------+ | |||
| This current document updates the status of the "arcfour" ciphers in | This current document updates the status of the "arcfour" ciphers in | |||
| the list of [RFC4253] Section 6.3 by moving it from OPTIONAL to MUST | the list of [RFC4253] Section 6.3 by moving it from OPTIONAL to MUST | |||
| NOT. | NOT. | |||
| +----------+-----------+--------------------------------------------+ | +-----------+-----------+-------------------------------------------+ | |||
| | arcfour | MUST NOT | the ARCFOUR stream cipher with a 128-bit | | | arcfour | MUST NOT | the ARCFOUR stream cipher with a 128-bit | | |||
| | | | key | | | | | key | | |||
| +----------+-----------+--------------------------------------------+ | +-----------+-----------+-------------------------------------------+ | |||
| [RFC4253] defines the "arcfour" ciphers with the text mentioned | [RFC4253] defines the "arcfour" ciphers with the text mentioned | |||
| below: | below: | |||
| The "arcfour" cipher is the Arcfour stream cipher with 128-bit keys. | The "arcfour" cipher is the Arcfour stream cipher with 128-bit keys. | |||
| The Arcfour cipher is compatible with the RC4 cipher [SCHNEIER]. | The Arcfour cipher is compatible with the RC4 cipher [SCHNEIER]. | |||
| Arcfour (and RC4) has problems with weak keys, and should be used | Arcfour (and RC4) has problems with weak keys, and should be used | |||
| with caution. | with caution. | |||
| This current document updates [RFC4253] Section 6.3 by replacing the | This current document updates [RFC4253] Section 6.3 by replacing the | |||
| skipping to change at page 3, line 33 ¶ | skipping to change at page 3, line 33 ¶ | |||
| Arcfour (and RC4) has known weaknesses [RFC7465] [RFC8429], and MUST | Arcfour (and RC4) has known weaknesses [RFC7465] [RFC8429], and MUST | |||
| NOT be used. | NOT be used. | |||
| 3. IANA Considerations | 3. IANA Considerations | |||
| The IANA is requested to update the Encryption Algorithm Name | The IANA is requested to update the Encryption Algorithm Name | |||
| Registry of the Secure Shell (SSH) Protocol Parameters [IANA]. The | Registry of the Secure Shell (SSH) Protocol Parameters [IANA]. The | |||
| Registration procedure is IETF Review which is achieved by this | Registration procedure is IETF Review which is achieved by this | |||
| document. The registry should be updated as follows: | document. The registry should be updated as follows: | |||
| +------------------------------+------------+------+ | +------------------------------+---------------+---------+ | |||
| | Encryption Algorithm Name | Reference | Note | | | Encryption Algorithm Name | Reference | Note | | |||
| +------------------------------+------------+------+ | +------------------------------+---------------+---------+ | |||
| | arcfour | [RFC-TBD] | | | | arcfour | [RFC-TBD] | | | |||
| | arcfour128 | [RFC-TBD] | | | | arcfour128 | [RFC-TBD] | | | |||
| | arcfour256 | [RFC-TBD] | | | | arcfour256 | [RFC-TBD] | | | |||
| +------------------------------+------------+------+ | +------------------------------+---------------+---------+ | |||
| Where TBD is the RFC number assigned to the document. | Where TBD is the RFC number assigned to the document. | |||
| 4. Acknowledgements | 4. Acknowledgements | |||
| The authors would like to thank Eric Rescorla, Daniel Migault and | The authors would like to thank Eric Rescorla, Daniel Migault and | |||
| Rich Salz. | Rich Salz. | |||
| 5. Security Considerations | 5. Security Considerations | |||
| skipping to change at page 4, line 46 ¶ | skipping to change at page 4, line 46 ¶ | |||
| [RFC8429] Kaduk, B. and M. Short, "Deprecate Triple-DES (3DES) and | [RFC8429] Kaduk, B. and M. Short, "Deprecate Triple-DES (3DES) and | |||
| RC4 in Kerberos", BCP 218, RFC 8429, DOI 10.17487/RFC8429, | RC4 in Kerberos", BCP 218, RFC 8429, DOI 10.17487/RFC8429, | |||
| October 2018, <https://www.rfc-editor.org/info/rfc8429>. | October 2018, <https://www.rfc-editor.org/info/rfc8429>. | |||
| [SCHNEIER] | [SCHNEIER] | |||
| Schneier, B., "Applied Cryptography Second Edition: | Schneier, B., "Applied Cryptography Second Edition: | |||
| protocols algorithms and source in code in C", , 1996, | protocols algorithms and source in code in C", , 1996, | |||
| <SCHNEIER>. | <SCHNEIER>. | |||
| Authors' Addresses | Author's Address | |||
| Luis Camara | ||||
| Email: luis.camara@live.com.pt | ||||
| Loganaden Velvindron | Loganaden Velvindron | |||
| cyberstorm.mu | cyberstorm.mu | |||
| Mauritius | Mauritius | |||
| Email: logan@cyberstorm.mu | Email: logan@cyberstorm.mu | |||
| End of changes. 8 change blocks. | ||||
| 23 lines changed or deleted | 20 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||