The IESG has approved the following document: - 'Deprecating RC4 in Secure Shell (SSH)' (draft-ietf-curdle-rc4-die-die-die-16.txt) as Best Current Practice
This document is the product of the CURves, Deprecating and a Little more Encryption Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-curdle-rc4-die-die-die/ Technical Summary This document deprecates RC4 in Secure Shell (SSH). Therefore, this document updates [RFC4253], and moves to Historic status [RFC4345]. Working Group Summary This is an uncontroversial document to deprecate a weak cryptographic algorithm from the protocol; no opposition was raised. Document Quality This document just recommends to remove support for a feature, so there is little to implement or review. The ciphers in question have been entirely removed from at least one implementation's latest released version. Personnel Daniel Migault is the shepherd of the draft. Benjamin Kaduk is the responsible area director. RFC Editor Note In the IANA Considerations, please update the table to include "HISTORIC" in the "Note" column for all three ciphers. Also, in Section 1, "arcfour-128" and "arcfour-256" appear with hyphens; the hyphen should be removed. Once an RFC number is assigned for this document, status-change-ssh-arcfour-to-historic should be updated to refer to the RFC instead of the I-D. _______________________________________________ IETF-Announce mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-announce
