Re: [TLS] Confirming consensus about one

From: Michael D'Errico <mike-list at pobox.com>
To: tls at ietf.org
Cc: ietf at ietf.org
Date: Wed, 27 Jan 2010 10:55:31 -0800
In-reply-to: <201001271718.o0RHI1de023338 at fs4113.wdf.sap.corp>
References: <201001271718.o0RHI1de023338 at fs4113.wdf.sap.corp>

Martin Rex wrote:

Nelson B Bolyard wrote:

What you wrote sounds more like you were expecting "old renegotiation" to
succeed.


Correct, I am expecting that.

That is a configuration option that implementations (hotfixes into
installed base, early during the transition) are likely required
to offer.


In my code, I added three boolean configuration options
which all default to false:

    AllowUnsafeInitialConnect
    AllowRenegotiation
    AllowUnsafeRenegotiation

Hopefully this will make it obvious to people that choosing
the Unsafe options are just that (though the first one will
be needed for a while yet).

Mike

References:
- Re: [TLS] Confirming consensus about one
  - From: Martin Rex

Prev by Date: Re: Metadiscussion on changes in draft-ietf-tls-renegotiation
Next by Date: Re: [TLS] Chatter
Previous by thread: Re: [TLS] Confirming consensus about one
Next by thread: Re: [TLS] Confirming consensus about one draft-ietf-tls-renegotiation detail
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: [TLS] Confirming consensus about one

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.