Re: [TLS] TLSrenego - current summary of semantics and possibilities

Yair Elharrar <Yair.Elharrar@audiocodes.com> Tue, 10 November 2009 20:54 UTC

From: Yair Elharrar <Yair.Elharrar@audiocodes.com>
To: Steve Dispensa <dispensa@phonefactor.com>
Date: Tue, 10 Nov 2009 22:52:03 +0200
Message-ID: <CE2A65CAAFE55048BA6682475F9A7DBF5EA6E601BA@ACLMAIL01.corp.audiocodes.com>
References: <200911101928.nAAJSGjI020038@fs4113.wdf.sap.corp>, <C71F1D17.251AC%dispensa@phonefactor.com>
In-Reply-To: <C71F1D17.251AC%dispensa@phonefactor.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLSrenego - current summary of semantics and possibilities

Steve Dispensa wrote:
>>
>>     Lacking application level re-connect provisions for forward-incompatible
>>     SSL/TLS servers, a TLS client might not want to send the TLS extension
>>     in the initial ClientHello of a connection.
>
> This was discussed a bit at the Sept. 29 meeting. I had originally suggested
> that the extension need not be present during initial negotiations at all,
> but it was pointed out that network management systems might want to
> inventory patched clients and servers.

This could backfire. It would allow hackers to detect unpatched clients, and focus their attacks on them.


Yair
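The inventory check discussed above (whether an initial ClientHello signals the renegotiation fix) as an added example; this is not code from the list or from any TLS implementation. It assumes the identifiers of the published fix, RFC 5746 (extension type 0xff01 and the signalling cipher suite 0x00ff), which the draft under discussion in this thread may not have used, and it constructs its own sample messages.

```python
"""Inventory check: does an initial ClientHello carry the renegotiation fix?

Added example (not from the list or any TLS stack). Identifiers are those of
RFC 5746, assumed here; the 2009 draft may have differed. Samples are constructed.
"""
import struct

RENEGOTIATION_INFO = 0xFF01               # renegotiation_info extension type (RFC 5746)
RENEGO_SCSV = 0x00FF                      # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F     # an ordinary suite for the sample


def build_client_hello(with_ext: bool, with_scsv: bool) -> bytes:
    """Build a minimal TLS 1.0 ClientHello handshake message (constructed sample)."""
    suites = [TLS_RSA_WITH_AES_128_CBC_SHA] + ([RENEGO_SCSV] if with_scsv else [])
    body = b"\x03\x01" + bytes(32)                        # client_version, random
    body += b"\x00"                                       # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                   # compression_methods: null only
    if with_ext:
        # renegotiation_info with an empty renegotiated_connection (initial handshake)
        ext = struct.pack("!HH", RENEGOTIATION_INFO, 1) + b"\x00"
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType.client_hello + length


def inventory(msg: bytes) -> dict:
    """Report whether a ClientHello signals the fix via the extension or the SCSV."""
    if msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("not a well-formed ClientHello")
    pos = 4 + 2 + 32                                      # skip version and random
    pos += 1 + msg[pos]                                   # skip session_id
    n = struct.unpack_from("!H", msg, pos)[0]
    pos += 2
    suites = [struct.unpack_from("!H", msg, pos + i)[0] for i in range(0, n, 2)]
    pos += n
    pos += 1 + msg[pos]                                   # skip compression_methods
    exts = set()
    if pos < len(msg):                                    # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", msg, pos)[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack_from("!HH", msg, pos)
            exts.add(etype)
            pos += 4 + elen
    has_ext, has_scsv = RENEGOTIATION_INFO in exts, RENEGO_SCSV in suites
    return {"extension": has_ext, "scsv": has_scsv, "patched": has_ext or has_scsv}
```

A client that omits both signals on its first ClientHello, as the quoted text proposes, is indistinguishable from an unpatched one to this check, which is exactly the trade-off the thread describes.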