SEMI-OT: Prohibiting RC4 Cipher Suites

Peter Koch pk at DENIC.DE
Fri Feb 20 20:10:10 CET 2015


On Fri, Feb 20, 2015 at 06:47:09PM +0000, Viktor Dukhovni wrote:

> a broken 3DES implementation.  They prefer RC4.  If you drop RC4,
> you lose interoperability with these systems.

well, you might end up sending the message in the clear. Whether
that's better or worse than RC4 depends on the perception of
both the sender and the receiver.  However, if they desperately
care, they might encrypt end2end.

> I would wait to disable RC4 for another 2-3 years.  With

The RFC first and foremost gives _implementations_ (libs and apps)
a hook to cease supporting RC4, so depending on sw vendors and
maintainers (and your sw update cycle), you might not have these 2-3 years.

-Peter


More information about the dane-users mailing list