[TLS] I-D Action:draft-ietf-tls-renegotiation-00.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security Working Group of the IETF.


	Title           : Transport Layer Security (TLS) Renegotiation Indication Extension
	Author(s)       : E. Rescorla, et al.
	Filename        : draft-ietf-tls-renegotiation-00.txt
	Pages           : 10
	Date            : 2009-11-19

SSL and TLS renegotiation are vulnerable to an attack in which the
attacker forms a TLS connection with the target server, injects
content of his choice, and then splices in a new TLS connection from
a client.  The server treats the client's initial TLS handshake as a
renegotiation and thus believes that the initial data transmitted by
the attacker is from the same entity as the subsequent client data.
This draft defines a TLS extension to cryptographically tie
renegotiations to the TLS connections they are being performed over,
thus preventing this attack.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tls-renegotiation-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-renegotiation-00.txt>
