Skip to main content

Deprecating RC4 in all IETF Protocols

Document Type Replaced Internet-Draft (individual)
Expired & archived
Author Luís Câmara
Last updated 2017-07-03
Replaced by draft-ietf-curdle-rc4-die-die-die
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-curdle-rc4-die-die-die
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


RC4 is extremely weak as shown by RFC 6649 and RFC 7457, is prohibited in TLS by RFC 7465, is prohibited in Kerberos by RFC xxxx and it needs to be prohibited in all IETF protocols. Documents that provide technology that can only use RC4 are obsoleted by this document, so this document obsoletes and moves to Historic RFC 3078 "Microsoft Point-to-Point Encryption (MPPE) Protocol" (only supports RC4, RFC 3079 that is also part of that protocol is also obsoleted), RFC 4345 "Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol" (note Arcfour and RC4 are synonymous), RFC 4757 "The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows" (only supports RC4) and RFC 6229 "Test Vectors for the Stream Cipher RC4" (provides test vectors for historic cryptography). RFC 2118, RFC 3501, RFC 3961, RFC 4120, RFC 4253, RFC 6150, RFC 6649, RFC 6733, RFC 7457, RFC 7905 and RFC xxxx are updated to note the deprecation of RC4 in all IETF protocols. (Please do not confuse RFC 4757 with RFC 7457.)


Luís Câmara

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)