Deprecating RC4 in Secure Shell (SSH)
RFC 8758

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, curdle@ietf.org, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs@ietf.org, daniel.migault@ericsson.com, kaduk@mit.edu, draft-ietf-curdle-rc4-die-die-die@ietf.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'Deprecating RC4 in Secure Shell (SSH)' to Best Current Practice (draft-ietf-curdle-rc4-die-die-die-16.txt)

The IESG has approved the following document:
- 'Deprecating RC4 in Secure Shell (SSH)'
  (draft-ietf-curdle-rc4-die-die-die-16.txt) as Best Current Practice

This document is the product of the CURves, Deprecating and a Little more
Encryption Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-curdle-rc4-die-die-die/


Ballot Text

Technical Summary

 This document deprecates RC4 in Secure Shell (SSH).  Therefore, this
 document updates [RFC4253], and moves [RFC4345] to Historic status.

Working Group Summary

This is an uncontroversial document to deprecate a weak cryptographic
algorithm from the protocol; no opposition was raised.

Document Quality

This document just recommends removing support for a feature,
so there is little to implement or review.  The ciphers in question
have been entirely removed from at least one implementation's latest
released version.

Personnel

Daniel Migault is the shepherd of the draft. Benjamin Kaduk is
the responsible area director.

RFC Editor Note

  In the IANA Considerations, please update the table to include "HISTORIC" in the
  "Note" column for all three ciphers.

  Also, in Section 1, "arcfour-128" and "arcfour-256" appear with hyphens; the hyphen
  should be removed.

  Once an RFC number is assigned for this document, status-change-ssh-arcfour-to-historic
  should be updated to refer to the RFC instead of the I-D.