Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
David-Sarah Hopwood <david-sarah@jacaranda.org> Mon, 09 November 2009 19:37 UTC
Return-Path: <djhopwood@googlemail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0F3B328C1F3 for <tls@core3.amsl.com>; Mon, 9 Nov 2009 11:37:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sqg6VrHdjgET for <tls@core3.amsl.com>; Mon, 9 Nov 2009 11:37:28 -0800 (PST)
Received: from mail-ew0-f207.google.com (mail-ew0-f207.google.com [209.85.219.207]) by core3.amsl.com (Postfix) with ESMTP id DB34B3A68C1 for <tls@ietf.org>; Mon, 9 Nov 2009 11:37:27 -0800 (PST)
Received: by ewy3 with SMTP id 3so3477982ewy.37 for <tls@ietf.org>; Mon, 09 Nov 2009 11:37:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:content-type; bh=Ksxngh3CmZchHij0P8wVjaNjLPIkmERKuVb6CShrTP8=; b=J80u5ZMqtmyvPytyy5AXU5Y6OM+Dw9KB47i5dVTgfW1MwEQ/ufRTX0NPey4JQscPTs jCKJKNJX5Nh5VcSOuv6SCKSRGea6WOB5HsDr2GjJDJp5hJ19S5W1YgEWfbdSpG1X2DIV Fwr2j7Qwj5oO8qg+Mc7dy75UMGwYOTuf84Uh4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type; b=Pf2INqbjbci6/mZrqTH18bNHL0H25XXw8SReGQQ5yaH5/g+6YYA1HjZy6PfwZsvGXp C9wluZPfAepKmAiXk5cLbdgWaNw5x4+pYycRP0ZHTXcD12I9kD28KHm18tMFtJJO2701 xiiuJEmQ4FiMbQFqkhH2NA6i+BWCDk1MTX+pg=
Received: by 10.213.1.28 with SMTP id 28mr3767832ebd.70.1257795469265; Mon, 09 Nov 2009 11:37:49 -0800 (PST)
Received: from ?192.168.0.2? (5e057cdf.bb.sky.com [94.5.124.223]) by mx.google.com with ESMTPS id 5sm2725eyh.42.2009.11.09.11.37.48 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 09 Nov 2009 11:37:48 -0800 (PST)
Sender: David-Sarah Hopwood <djhopwood@googlemail.com>
Message-ID: <4AF86F8A.7090505@jacaranda.org>
Date: Mon, 09 Nov 2009 19:37:46 +0000
From: David-Sarah Hopwood <david-sarah@jacaranda.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666
MIME-Version: 1.0
To: tls@ietf.org
References: <200911091646.nA9GkW6n008821@fs4113.wdf.sap.corp>
In-Reply-To: <200911091646.nA9GkW6n008821@fs4113.wdf.sap.corp>
X-Enigmail-Version: 0.96.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------enig7F162FF9478CA06AEBFC7F86"
Subject: Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Nov 2009 19:37:29 -0000
Martin Rex wrote: > There may be SSLv3 servers out there that choke on extension data > in the ClientHello. But that doesn't mean that one could not > upgrade SSLv3 servers to support TLS extensions. The more interesting > question is IMHO -- which TLS clients will choke when an SSLv3 server > returns a ServerHello extension? spec-wise, a ServerHello extension > is as unusual to SSLv3 as it is to TLSv1.0. Why would that situation arise? For that to happen, an SSL server library would have to be upgraded to support extensions but not to support TLS. Are there any SSL-only libraries being actively maintained? -- David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
- [TLS] draft-rescorla-tls-renegotiate and MITM res… Yair Elharrar
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Yoav Nir
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Marsh Ray
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Yoav Nir
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Dr Stephen Henson
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Yair Elharrar
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Yoav Nir
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Martin Rex
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Martin Rex
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Nicolas Williams
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… David-Sarah Hopwood
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… David-Sarah Hopwood
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Yair Elharrar
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Martin Rex
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Marsh Ray
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Yoav Nir
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Martin Rex
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Marsh Ray
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Nicolas Williams
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Marsh Ray
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… David-Sarah Hopwood
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Michael D'Errico
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Nicolas Williams
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Marsh Ray
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Nicolas Williams
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Steve Dispensa
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Martin Rex
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… David-Sarah Hopwood
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Martin Rex
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Martin Rex
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Peter Saint-Andre
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Marsh Ray
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Yoav Nir
- Re: [TLS] To API or not Bill Frantz
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Martin Rex
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Michael D'Errico
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM… Martin Rex
- [TLS] RC4+3DES rekeying - long-lived TLS connecti… Martin Rex
- Re: [TLS] RC4+3DES rekeying - long-lived TLS conn… David-Sarah Hopwood
- Re: [TLS] RC4+3DES rekeying - long-lived TLS conn… Peter Saint-Andre