Re: [TLS] [oss-security] CVE-2009-3555 for TLS renegotiation MITM attacks

To: ArkanoiD <ark at eltex.net>
Subject: Re: [TLS] [oss-security] CVE-2009-3555 for TLS renegotiation MITM attacks
From: Marsh Ray <marsh at extendedsubset.com>
Date: Sun, 08 Nov 2009 16:32:05 -0600
Cc: oss-security at lists.openwall.com, tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <20091108215443.GA26622 at eltex.net>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Openpgp: id=1E36DBF2
References: <0911051520390.27904 at mjc.redhat.com> <Fsm81lMN44X1vIl54+7dGMNZAWM at W35zwFHQJD9TSf5n3XGjbHLrnqQ> <20091108215443.GA26622 at eltex.net>
User-agent: Thunderbird 2.0.0.23 (Windows/20090812)

ArkanoiD wrote:
> BTW renegotiation handshake looks quite similar to initial handshake from
> the client point of view;

Yeah, currently it looks identical.

> is there a way to detect the attack on client side
> and drop the connection?

With draft-rescorla-tls-renegotiate, the new header comes back to the
client on Server Hello, and this notifies the client that the server
believes it's a re-negotation. Even better, it ties it strongly to the
previous session, so legit renegotiations are protected, too.

- Marsh

References:
- Re: [TLS] [oss-security] CVE-2009-3555 for TLS renegotiation MITM attacks
  - From: Eygene Ryabinkin
- Re: [TLS] [oss-security] CVE-2009-3555 for TLS renegotiation MITM attacks
  - From: ArkanoiD

Prev by Date: Re: [TLS] Implementing https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegot iate.txt
Next by Date: Re: [TLS] Implementing https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-rene got iate.txt
Previous by thread: Re: [TLS] [oss-security] CVE-2009-3555 for TLS renegotiation MITM attacks
Next by thread: Re: [TLS] draft-rescorla-tls-renegotiate.txt
Index(es):
- Date
- Thread

Re: [TLS] [oss-security] CVE-2009-3555 for TLS renegotiation MITM attacks

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.