Prohibiting RC4 Cipher Suites
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: RFC Editor <firstname.lastname@example.org>, tls mailing list <email@example.com>, tls chair <firstname.lastname@example.org> Subject: Protocol Action: 'Prohibiting RC4 Cipher Suites' to Proposed Standard (draft-ietf-tls-prohibiting-rc4-01.txt) The IESG has approved the following document: - 'Prohibiting RC4 Cipher Suites' (draft-ietf-tls-prohibiting-rc4-01.txt) as Proposed Standard This document is the product of the Transport Layer Security Working Group. The IESG contact persons are Stephen Farrell and Kathleen Moriarty. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-tls-prohibiting-rc4/
Technical Summary This document requires that Transport Layer Security (TLS) clients and servers never negotiate the use of RC4 cipher suites when they establish connections. Working Group Summary There is strong working group consensus for this document. During WGLC there was some concern that there may be some implementations that only support RC4 and a "MUST NOT" may not be appropriate for servers. The was strong consensus within the group to move forward with RC4 as a "MUST NOT." In case it comes up, during AD review I did ask the WG if they wanted to go beyond just killing this list of ciphersuites and massacre some more, but the answer, as I expected, was that no, just doing this is what they want to do for now. Document Quality The document has been reviewed by the TLS working group. There is also significant evidence that only a very small percentage of deployments only support RC4. Personnel The document shepherd is Joseph Salowey. The irresponsible Area Director is Stephen Farrell. RFC Editor Note Please remove the square brackets from the abstract.