Re: [TLS] draft-rescorla-tls-renegotiate.txt
On Fri, Nov 06, 2009 at 08:59:49PM +0100, Martin Rex wrote:
> Michael D'Errico wrote:
> > 
> > >    - to describe how to add/implement this fix to each and
> > >      every affected protocol version of the SSL/TLS Family.
> > > 
> > >      I just noticed that SSLv3 does _NOT_ have a "no_renegotiate" alert!
> > >      To me, it looks like the SSLv3 spec does not specify how to
> > >      deny performing a renegotiate.  Which is slightly odd, since
> > >      there are SSLv3 implementations that do not implement renegotiation...
> > 
> > Even more importantly, SSLv3 does not support extensions.
> 
> You're correct.  SSLv3 allows extensions in the ClientHello that
> are to be ignored, but it does not support them in ServerHello.
> 
> Oooops.
> 
> Suggestions?

Stop using SSLv3.  Its end has arrived.
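The exchange above turns on a wire-format detail: a ServerHello has no dedicated field for extensions, they are simply an optional block after compression_method, and an SSLv3 (3.0) ServerHello cannot carry that block at all, so a server has no place to signal the renegotiation fix to the client. The parser below is an added example, not code from this thread or from the draft; it dissects a ServerHello handshake message, reports whether an extensions block is present, and checks for the renegotiation_info extension using its published type value 0xff01 (RFC 5746, the eventual form of the draft discussed here). The two sample messages are constructed inline, not captured from a real server, and the `build_server_hello` helper exists only to produce them.

```python
"""Added example: parse a ServerHello handshake message and report whether it
carries an extensions block and, specifically, renegotiation_info (0xff01).
The sample messages are constructed here, not captured from a live server."""
import os
import struct

HS_SERVER_HELLO = 2
EXT_RENEGOTIATION_INFO = 0xFF01          # ExtensionType from RFC 5746
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def build_server_hello(version, cipher_suite=0x002F, extensions=None):
    """Serialise a ServerHello (4-byte handshake header + body).
    extensions: list of (type, data) tuples, or None for the SSLv3-style
    message that ends right after compression_method."""
    body = bytes(version) + os.urandom(32)          # server_version, random
    body += b"\x00"                                 # empty session_id
    body += struct.pack("!HB", cipher_suite, 0)     # cipher_suite, null compression
    if extensions is not None:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    return bytes([HS_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body


def parse_server_hello(msg):
    """Return a dict describing the ServerHello; raise ValueError on malformed input."""
    if len(msg) < 4 or msg[0] != HS_SERVER_HELLO:
        raise ValueError("not a ServerHello handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length does not match message size")
    pos = 0

    def take(n):
        # Bounds-checked slice so a truncated message fails cleanly.
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ServerHello")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    major, minor = take(2)
    take(32)                                        # random
    sid_len = take(1)[0]
    if sid_len > 32:
        raise ValueError("session_id longer than 32 bytes")
    take(sid_len)
    cipher_suite = struct.unpack("!H", take(2))[0]
    take(1)                                         # compression_method

    # Anything left after compression_method can only be the extensions block.
    has_ext_block = pos < len(body)
    extensions = {}
    if has_ext_block:
        ext_len = struct.unpack("!H", take(2))[0]
        if ext_len != len(body) - pos:
            raise ValueError("extensions length does not match remaining bytes")
        while pos < len(body):
            etype, elen = struct.unpack("!HH", take(4))
            if etype in extensions:
                raise ValueError("duplicate extension type 0x%04x" % etype)
            extensions[etype] = take(elen)

    anomalies = []
    if (major, minor) == (3, 0) and has_ext_block:
        # SSLv3 defines no extensions in ServerHello (the point made in the thread).
        anomalies.append("extensions block present in an SSLv3 ServerHello")

    return {
        "version": VERSIONS.get((major, minor), "unknown %d.%d" % (major, minor)),
        "cipher_suite": cipher_suite,
        "has_extensions_block": has_ext_block,
        "extensions": extensions,
        "secure_renegotiation": EXT_RENEGOTIATION_INFO in extensions,
        "anomalies": anomalies,
    }


# Constructed samples: an SSLv3 ServerHello (no room for the fix) and a
# TLS 1.0 ServerHello carrying an empty renegotiation_info on the initial handshake.
SSLV3_HELLO = build_server_hello((3, 0))
TLS10_HELLO = build_server_hello((3, 1), extensions=[(EXT_RENEGOTIATION_INFO, b"\x00")])

if __name__ == "__main__":
    for name, hello in (("SSLv3", SSLV3_HELLO), ("TLS 1.0", TLS10_HELLO)):
        info = parse_server_hello(hello)
        print(name, "extensions block:", info["has_extensions_block"],
              "secure renegotiation signalled:", info["secure_renegotiation"])
```

Run as a script it shows the asymmetry directly: the 3.0 message parses cleanly but has nowhere to carry renegotiation_info, so a client that still accepts SSLv3 can never learn from the ServerHello whether the server has the fix, which is the practical reason behind the reply's verdict on SSLv3.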

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.