Re: [TLS] MITM attack on delayed TLS-client auth through renegotiation
Marsh Ray <marsh@extendedsubset.com> Wed, 04 November 2009 22:13 UTC
Hello TLS,

I can confirm the severity of the TLS MITM bug. I've had a working exploit going since the end of August.

Steve Dispensa and I put together (with the help of many, of course) an industry working group to address it. I think we were successful in producing a preliminary fix, which vendors are in various stages of testing and deployment. We'd agreed to responsibly delay disclosure to give the industry time to coordinate the fix.

I've watched with excitement as the TLS Channel Binding work uncovered it. Kudos to Martin Rex for his description of the basic problem.

I'll be putting the bulk of our research to this point on my blog this afternoon.

http://extendedsubset.com/

This will include documentation, diagrams, packet captures... pretty much everything short of exploit code.

I suspect that some relevant industry groups will be releasing some information. Also, the company I work at, PhoneFactor, will probably be doing some type of informational release soon.

Regards,

Marsh Ray