Re: [TLS] TLS or HTTP issue?

To: Dean Anderson <dean at av8.com>
Subject: Re: [TLS] TLS or HTTP issue?
From: Florian Weimer <fweimer at bfk.de>
Date: Mon, 09 Nov 2009 07:41:46 +0000
Cc: Eric Rescorla <ekr at rtfm.com>, "tls at ietf.org" <tls at ietf.org>
Delivered-to: tls at core3.amsl.com
In-reply-to: <Pine.LNX.4.44.0911061713270.5276-100000 at citation2.av8.net> (Dean Anderson's message of "Fri\, 6 Nov 2009 17\:29\:23 -0500 \(EST\)")
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <Pine.LNX.4.44.0911061713270.5276-100000 at citation2.av8.net>

* Dean Anderson:

>> Theoretically, this attack can be detected by the server,
>
> Theoretically, I think not.

I was referring to the sketched attack in the previous paragraph.  In
our case, the server could notice the changed client certificate in
the renegotiation and bail out, or disable renegotiation altogether.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

References:
- Re: [TLS] TLS or HTTP issue?
  - From: Dean Anderson

Prev by Date: Re: [TLS] Implementing https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-rene got iate.txt
Next by Date: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
Previous by thread: Re: [TLS] TLS or HTTP issue?
Next by thread: Re: [TLS] TLS or HTTP issue?
Index(es):
- Date
- Thread

Re: [TLS] TLS or HTTP issue?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.