Last Call Review of draft-josefsson-rc4-test-vectors-
review-josefsson-rc4-test-vectors-secdir-lc-yu-2011-02-26-00
Request | Review of | draft-josefsson-rc4-test-vectors |
---|---|---|
Requested revision | No specific revision (document currently at 02) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2011-03-01 | |
Requested | 2011-02-01 | |
Authors | Joachim Strombergson , Simon Josefsson | |
I-D last updated | 2011-02-26 | |
Completed reviews |
Secdir Last Call review of -??
by Taylor Yu
|
|
Assignment | Reviewer | Taylor Yu |
State | Completed | |
Request | Last Call review on draft-josefsson-rc4-test-vectors by Security Area Directorate Assigned | |
Completed | 2011-02-26 |
review-josefsson-rc4-test-vectors-secdir-lc-yu-2011-02-26-00
The Security Considerations section states: The RC4 algorithm does not meet the basic criteria required for an encryption algorithm, as its output is distinguishable from random. The use of RC4 continue to be recommended against; in particular, its use in new specifications is discouraged. This note is intended only to aid the interoperability of existing specifications that make use of RC4. I believe this statement is accurate, and have nothing substantial to add to it. Comments not directly relevant to security follow. Section 5 ("Copying conditions") states: This document is intended to be considered a Code Component, and is thus effectively available under the Simplified BSD license. I think it would be reasonable to say that Section 2 qualifies as a Code Component; the case for the other sections being considered as Code Components is tenuous, in my opinion. Editorial: In Section 1, "crypto-analysis" should probably be "cryptanalysis".