[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: TLS Man-In-The-Middle Vulnerability



The ITEF Network Working Group has already begun drafting a new extension to TLS: Renegotiation Indication.

https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
--
Marcus Griep
——
Ακακια את.ψο´, 3°


On Thu, Nov 5, 2009 at 2:10 PM, Marcus Griep <tormaster@xxxxxxx> wrote:
Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:

"TLS Man-in-the-middle on renegotiation vulnerability made public"
http://isc.sans.org/diary.html?storyid=7534
--
Marcus Griep
——
Ακακια את.ψο´, 3°