Technical Summary
This document requires that Transport Layer Security (TLS) clients
and servers never negotiate the use of RC4 cipher suites when they
establish connections.
Working Group Summary
There is strong working group consensus for this document. During
WGLC there was some concern that there may be some
implementations that only support RC4 and a "MUST NOT" may not
be appropriate for servers. The was strong consensus within the
group to move forward with RC4 as a "MUST NOT."
In case it comes up, during AD review I did ask the WG if they
wanted to go beyond just killing this list of ciphersuites and
massacre some more, but the answer, as I expected, was that
no, just doing this is what they want to do for now.
Document Quality
The document has been reviewed by the TLS working group. There
is also significant evidence that only a very small percentage of
deployments only support RC4.
Personnel
The document shepherd is Joseph Salowey.
The irresponsible Area Director is Stephen Farrell.
RFC Editor Note
Please remove the square brackets from the abstract.