Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance

To: tls at ietf.org
Subject: Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
From: David-Sarah Hopwood <david-sarah at jacaranda.org>
Date: Mon, 09 Nov 2009 19:37:46 +0000
Delivered-to: tls at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:content-type; bh=Ksxngh3CmZchHij0P8wVjaNjLPIkmERKuVb6CShrTP8=; b=J80u5ZMqtmyvPytyy5AXU5Y6OM+Dw9KB47i5dVTgfW1MwEQ/ufRTX0NPey4JQscPTs jCKJKNJX5Nh5VcSOuv6SCKSRGea6WOB5HsDr2GjJDJp5hJ19S5W1YgEWfbdSpG1X2DIV Fwr2j7Qwj5oO8qg+Mc7dy75UMGwYOTuf84Uh4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type; b=Pf2INqbjbci6/mZrqTH18bNHL0H25XXw8SReGQQ5yaH5/g+6YYA1HjZy6PfwZsvGXp C9wluZPfAepKmAiXk5cLbdgWaNw5x4+pYycRP0ZHTXcD12I9kD28KHm18tMFtJJO2701 xiiuJEmQ4FiMbQFqkhH2NA6i+BWCDk1MTX+pg=
In-reply-to: <200911091646.nA9GkW6n008821 at fs4113.wdf.sap.corp>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <200911091646.nA9GkW6n008821 at fs4113.wdf.sap.corp>
Sender: David-Sarah Hopwood <djhopwood at googlemail.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.5.666

Martin Rex wrote:
> There may be SSLv3 servers out there that choke on extension data
> in the ClientHello.  But that doesn't mean that one could not
> upgrade SSLv3 servers to support TLS extensions.  The more interesting
> question is IMHO -- which TLS clients will choke when an SSLv3 server
> returns a ServerHello extension?  spec-wise, a ServerHello extension
> is as unusual to SSLv3 as it is to TLSv1.0.

Why would that situation arise? For that to happen, an SSL server
library would have to be upgraded to support extensions but not to
support TLS. Are there any SSL-only libraries being actively
maintained?

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
  - From: Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
  - From: Martin Rex

References:
- Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
  - From: Martin Rex

Prev by Date: Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
Next by Date: Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
Previous by thread: Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
Next by thread: Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance
Index(es):
- Date
- Thread

Re: [TLS] draft-rescorla-tls-renegotiate and MITM resistance

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.