[TLS] draft-rescorla-tls-renegotiate and MITM resistance

The proposed draft is intended to resolve an MITM attack scenario, but is the new extension tamper-resistant?

Since the MITM handles all traffic between the real client and real server, it could add a fake extension to the 2nd ClientHello with its original verify_data, and empty the returned extension in the ServerHello.

In addition, until such time that all clients in the world start supporting this extension (e.g. kiosks in airports), servers will have to support backward compatibility. The MITM can downgrade every client by simply removing the extension from the ClientHello.

        Yair
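
The scenario raised in the message above can be modelled as follows. This is an added example, not part of the original message or of the draft: a simplified Python model showing what the server's extension check and the Finished verification each see when a ClientHello is rewritten in transit. The message encodings, function names and secret are constructed, and HMAC-SHA256 stands in for the TLS PRF.

```python
import hashlib
import hmac

def finished_verify_data(master_secret, label, transcript):
    """Simplified Finished MAC over a hash of every handshake message seen.
    Assumption: HMAC-SHA256 replaces the TLS PRF; the transcript binding is the same."""
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return hmac.new(master_secret, label + digest, hashlib.sha256).digest()[:12]

def client_hello(renegotiation_info):
    """Constructed toy encoding; None means the extension is absent."""
    body = b"ClientHello|random=C1|"
    if renegotiation_info is not None:
        body += b"renegotiation_info=" + renegotiation_info.hex().encode()
    return body

def server_accepts(hello_seen, stored_client_verify_data):
    """Extension check on a renegotiation: the value must equal the client
    verify_data the server saved from the previous handshake on this connection."""
    expected = b"renegotiation_info=" + stored_client_verify_data.hex().encode()
    return hello_seen.endswith(expected)

def run_handshake(rewrite):
    """The client starts what it believes is an initial handshake, while the
    server sees a renegotiation. `rewrite` models an on-path change to the
    ClientHello. Returns (extension_check_passed, finished_verified)."""
    # Known only to the real client and real server (constructed value).
    master_secret = b"constructed-secret-shared-by-client-and-server"
    # verify_data from the earlier handshake the server has on record (constructed).
    prev_verify_data = bytes(range(12))
    sent = client_hello(b"")  # initial handshake: empty renegotiated_connection
    seen = rewrite(sent, prev_verify_data)
    ext_ok = server_accepts(seen, prev_verify_data)
    server_hello = b"ServerHello|random=S1"
    # Each side MACs the handshake messages as it saw them.
    client_fin = finished_verify_data(master_secret, b"client finished", [sent, server_hello])
    server_expect = finished_verify_data(master_secret, b"client finished", [seen, server_hello])
    return ext_ok, hmac.compare_digest(client_fin, server_expect)

def unmodified(hello, _vd): return hello
def inject_extension(_hello, vd): return client_hello(vd)
def strip_extension(_hello, _vd): return client_hello(None)

if __name__ == "__main__":
    for case in (unmodified, inject_extension, strip_extension):
        print(case.__name__, run_handshake(case))
```

In this model the unmodified hello fails the server's extension check, and either rewrite makes the two transcripts diverge so the client's Finished no longer verifies at the server.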

