On Fri, Feb 4, 2011 at 9:09 AM, Simon Josefsson <si...@josefsson.org> wrote:
>> gnutls-cli(1). Looking at the source, RC4 is defined in SECURE256, and >> due to major weaknesses in its key scheduling (which can be used very >> effectively against e.g. WEP), I would absolutely not want to use it if >> any other choice were available. Had I not looked at the source, I >> would never have known this. I would certainly not class it as >> "secure". > I also feel uncomfortable including RC4 in the SECURE variants, we all > know that RC4 is not a secure cipher. Nikos, what do you think about > removing it? The attacks known for RC4 do not apply to the TLS protocol. However it is a cipher that weaknesses have been found and I could understand removing it from the "secure" set. regards, Nikos -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
