[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

TLS Man-In-The-Middle Vulnerability

To: or-talk <or-talk@xxxxxxxxxxxxx>
Subject: TLS Man-In-The-Middle Vulnerability
From: Marcus Griep <tormaster@xxxxxxx>
Date: Thu, 5 Nov 2009 14:10:00 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 05 Nov 2009 14:18:12 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:from:date :x-google-sender-auth:message-id:subject:to:content-type; bh=+1EYGs6AdF6KtCeK3uTJtZNUvlwMj2fetreqCd7Z11k=; b=AzN7DYBe5SOUzzge3D3EMO7cOt8lj7Zp0rfnBK9HlG1SnJKDNMR1u5fy2jmEHtnlsj /jsHk5qk4tFw2f4bvBQKBHcfjaKS5y5hx7HdSz+6fy8n1Iv1pEzHYLo1QplJ68VpeiSG sYONBrFhnMGUnEFo1RaUSzrKUy7yAKakqiTNM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:from:date:x-google-sender-auth:message-id :subject:to:content-type; b=TvsLGcbtJdBJoZrQVNT0VJSXI01tTD8nCu6v2uu8tD3eg8mh6Qj4T4z9dOnC/1iy7g WOOtKfq0dHFpFofMGJhSIA5JZoyvmsaTKxpvNUnhbpXtXkPVh6GL0Sie+0QLKVXKpFpY ptxUfnJ6gLsZODPYaKg/rZ22hyyQQBJrE8Dkw=
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:

"TLS Man-in-the-middle on renegotiation vulnerability made public"
http://isc.sans.org/diary.html?storyid=7534
--
Marcus Griep
——
Ακακια את.ψο´, 3°

Follow-Ups:
- Re: TLS Man-In-The-Middle Vulnerability
  - From: Marcus Griep
- Re: TLS Man-In-The-Middle Vulnerability
  - From: Nick Mathewson

Prev by Author: Re: Ubuntu Karmic repository?
Next by Author: Re: TLS Man-In-The-Middle Vulnerability
Previous by thread: Firefox 3.6 beta and personas
Next by thread: Re: TLS Man-In-The-Middle Vulnerability
Index(es):
- Author
- Thread