Last Call Review of draft-josefsson-rc4-test-vectors-
review-josefsson-rc4-test-vectors-secdir-lc-yu-2011-02-26-00
| Request | Review of | draft-josefsson-rc4-test-vectors |
|---|---|---|
| Requested revision | No specific revision (document currently at 02) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2011-03-01 | |
| Requested | 2011-02-01 | |
| Authors | Joachim Strombergson , Simon Josefsson | |
| I-D last updated | 2011-02-26 | |
| Completed reviews |
Secdir Last Call review of -??
by Taylor Yu
|
|
| Assignment | Reviewer | Taylor Yu |
| State | Completed | |
| Request | Last Call review on draft-josefsson-rc4-test-vectors by Security Area Directorate Assigned | |
| Completed | 2011-02-26 |
review-josefsson-rc4-test-vectors-secdir-lc-yu-2011-02-26-00
The Security Considerations section states:
The RC4 algorithm does not meet the basic criteria required for an
encryption algorithm, as its output is distinguishable from random.
The use of RC4 continue to be recommended against; in particular, its
use in new specifications is discouraged. This note is intended only
to aid the interoperability of existing specifications that make use
of RC4.
I believe this statement is accurate, and have nothing substantial to
add to it.
Comments not directly relevant to security follow.
Section 5 ("Copying conditions") states:
This document is intended to be considered a Code Component, and is
thus effectively available under the Simplified BSD license.
I think it would be reasonable to say that Section 2 qualifies as a
Code Component; the case for the other sections being considered as
Code Components is tenuous, in my opinion.
Editorial: In Section 1, "crypto-analysis" should probably be
"cryptanalysis".