Prohibiting RC4 Cipher Suites
RFC 7465

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    tls mailing list <tls@ietf.org>,
    tls chair <tls-chairs@tools.ietf.org>
Subject: Protocol Action: 'Prohibiting RC4 Cipher Suites' to Proposed Standard (draft-ietf-tls-prohibiting-rc4-01.txt)

The IESG has approved the following document:
- 'Prohibiting RC4 Cipher Suites'
  (draft-ietf-tls-prohibiting-rc4-01.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working
Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-tls-prohibiting-rc4/


Technical Summary

   This document requires that Transport Layer Security (TLS) clients
   and servers never negotiate the use of RC4 cipher suites when they
   establish connections.

Working Group Summary

   There is strong working group consensus for this document.  During 
   WGLC there was some concern that there may be some 
   implementations that only support RC4 and a "MUST NOT" may not 
   be appropriate for servers.  The was strong consensus within the 
   group to move forward with RC4 as a "MUST NOT."  

   In case it comes up, during AD review I did ask the WG if they
   wanted to go beyond just killing this list of ciphersuites and
   massacre some more, but the answer, as I expected, was that
   no, just doing this is what they want to do for now.

Document Quality

   The document has been reviewed by the TLS working group. There 
   is also significant evidence that  only a very small percentage of 
   deployments only support RC4.  

Personnel

   The document shepherd is Joseph Salowey.  
   The irresponsible Area Director is Stephen Farrell.

RFC Editor Note

   Please remove the square brackets from the abstract.