[TLS] I-D ACTION:draft-ietf-tls-renegotiation-02.txt
Internet-Drafts@ietf.org Wed, 16 December 2009 22:30 UTC
Return-Path: <root@core3.amsl.com>
X-Original-To: tls@ietf.org
Delivered-To: tls@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id 693FC3A6A87; Wed, 16 Dec 2009 14:30:02 -0800 (PST)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20091216223004.693FC3A6A87@core3.amsl.com>
Date: Wed, 16 Dec 2009 14:30:02 -0800
Cc: tls@ietf.org
Subject: [TLS] I-D ACTION:draft-ietf-tls-renegotiation-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2009 22:30:06 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Transport Layer Security Working Group of the IETF. Title : Transport Layer Security (TLS) Renegotiation Indication Extension Author(s) : E. Rescorla, N. Oskov, M. Ray, S. Dispensa Filename : draft-ietf-tls-renegotiation-02.txt Pages : 12 Date : 2009-12-16 SSL and TLS renegotiation are vulnerable to an attack in which the attacker forms a TLS connection with the target server, injects content of his choice, and then splices in a new TLS connection from a client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data. This specification defines a TLS extension to cryptographically tie renegotiations to the TLS connections they are being performed over, thus preventing this attack. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-tls-renegotiation-02.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
- [TLS] I-D ACTION:draft-ietf-tls-renegotiation-02.… Internet-Drafts