Re: [TLS] TLSrenego - current summary of semantics and possibilities
Steve Dispensa wrote:
>>
>> Lacking application level re-connect provisions for forward-incompatible
>> SSL/TLS servers, a TLS client might not want to send the TLS extension
>> in the initial ClientHello of a connection.
>
> This was discussed a bit at the Sept. 29 meeting. I had originally suggested
> that the extension need not be present during initial negotiations at all,
> but it was pointed out that network management systems might want to
> inventory patched clients and servers.
This could backfire. It would allow hackers to detect unpatched clients, and focus their attacks on them.
Yair