Re: [TLS] draft-rescorla-tls-renegotiate.txt

To: mike-list at pobox.com (Michael D'Errico)
Subject: Re: [TLS] draft-rescorla-tls-renegotiate.txt
From: Martin Rex <mrex at sap.com>
Date: Fri, 6 Nov 2009 20:59:49 +0100 (MET)
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <4AF47F1A.6080502 at pobox.com> from "Michael D'Errico" at Nov 6, 9 11:55:06 am
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Reply-to: mrex at sap.com

Michael D'Errico wrote:
> 
> >    - to describe how to add/implement this fix to each and
> >      every affected protocol version of the SSL/TLS Family.
> > 
> >      I just noticed that SSLv3 does _NOT_ have a "no_renegotiate" alert!
> >      To me, it looks like the SSLv3 spec does not specify how to
> >      deny performing a renegotiate.  Which is slightly odd, since
> >      there are SSLv3 implementations that do not implement renegotiation...
> 
> Even more importantly, SSLv3 does not support extensions.

You're correct.  SSLv3 allows extensions in the ClientHello that
are to be ignored, but it does not support them in ServerHello.

Oooops.

Suggestions?


-Martin

Follow-Ups:
- Re: [TLS] draft-rescorla-tls-renegotiate.txt
  - From: Robert Relyea
- Re: [TLS] draft-rescorla-tls-renegotiate.txt
  - From: Nicolas Williams

References:
- Re: [TLS] draft-rescorla-tls-renegotiate.txt
  - From: Michael D'Errico

Prev by Date: Re: [TLS] draft-rescorla-tls-renegotiate.txt
Next by Date: Re: [TLS] [oss-security] CVE-2009-3555 for TLS renegotiation MITM attacks
Previous by thread: Re: [TLS] draft-rescorla-tls-renegotiate.txt
Next by thread: Re: [TLS] draft-rescorla-tls-renegotiate.txt
Index(es):
- Date
- Thread

Re: [TLS] draft-rescorla-tls-renegotiate.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.