Re: [TLS] MITM attack on delayed TLS-client auth through renegotiation

To: tls at ietf.org
Subject: Re: [TLS] MITM attack on delayed TLS-client auth through renegotiation
From: Marsh Ray <marsh at extendedsubset.com>
Date: Wed, 04 Nov 2009 16:13:45 -0600
Delivered-to: tls at core3.amsl.com
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Openpgp: id=1E36DBF2
User-agent: Thunderbird 2.0.0.23 (Windows/20090812)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello TLS,

I can confirm the severity of the TLS MITM bug. I've had a working
exploit going since the end of August.

Steve Dispensa and myself put together (with help of many of course) an
industry working group to address it. I think we were successful in
producing a preliminary fix, which vendors are in various stages of
testing and deployment.

We'd agreed to responsibly delay disclosure to give the industry time to
coordinate the fix. I've watched with excitement as the TLS Channel
Binding work uncovered it. Kudos to Martin Rex for his description of
the basic problem.

I'll be putting the bulk of our research to this point on my blog this
afternoon.
http://extendedsubset.com/
This will include documentation, diagrams, packet captures...pretty much
everything short of exploit code.

I suspect that some relevant industry groups will be releasing some
information.

Also, the company I work at, PhoneFactor, will probably be doing some
type of informational release soon.

Regards,

Marsh Ray
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkrx/JgACgkQWChJ3x422/LxfwCeKc/UegM9/HSdtv8ymCDnNeOd
SI8AnAnVLgwht3K21aHSlAUrjow5QPh+
=dMtp
-----END PGP SIGNATURE-----

Prev by Date: [TLS] Interest in taking draft-seggelmann-tls-dtls-heartbeat-01 as a working group item
Next by Date: Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard))
Previous by thread: Re: [TLS] MITM attack on delayed TLS-client auth through renegotiation
Next by thread: [TLS] Interest in taking draft-seggelmann-tls-dtls-heartbeat-01 as a working group item
Index(es):
- Date
- Thread

Re: [TLS] MITM attack on delayed TLS-client auth through renegotiation

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.