Re: [TLS] simplistic renego protection

To: tls at ietf.org
Subject: Re: [TLS] simplistic renego protection
From: Nelson B Bolyard <nelson at bolyard.me>
Date: Thu, 19 Nov 2009 20:49:33 -0800
Delivered-to: tls at core3.amsl.com
In-reply-to: <4B061A0E.3000002 at pobox.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Organization: Network Security Services
References: <200911182000.nAIK0Qkm013905 at fs4113.wdf.sap.corp> <4B04A792.7040607 at jacaranda.org> <B197003731D4874CA41DE7B446BBA3E829CD28F1 at TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com> <4B059716.6010309 at jacaranda.org> <4B059A60.9000003 at jacaranda.org> <4B060EE2.7020504 at bolyard.me> <4B061A0E.3000002 at pobox.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.1b1pre) Gecko/20081004 NOT Firefox/2.0 SeaMonkey/2.0a2pre

On 2009-11-19 20:24 PST, Michael D'Errico wrote:
> Nelson B Bolyard wrote:
>> ... what is a "lenient server"?
>> Is it a vulnerable server?
> 
> Yes.
> 
> Some servers apparently cannot function without renegotiation.
> They will need to continue providing service to unpatched
> clients for some amount of time and thus remain vulnerable.
> 
> The solution we publish must make it impossible for a lenient-
> but-patched client and a lenient-but-patched server to be
> successfully attacked by a MitM using the renegotiation bug.

Based on your respective most recent messages in this thread,
I think you and Martin have different definitions of "lenient server".
Please establish a common set of definitions.

Follow-Ups:
- Re: [TLS] simplistic renego protection
  - From: Martin Rex

References:
- Re: [TLS] simplistic renego protection
  - From: Martin Rex
- Re: [TLS] simplistic renego protection
  - From: David-Sarah Hopwood
- Re: [TLS] simplistic renego protection
  - From: David-Sarah Hopwood
- Re: [TLS] simplistic renego protection
  - From: David-Sarah Hopwood
- Re: [TLS] simplistic renego protection
  - From: Nelson B Bolyard
- Re: [TLS] simplistic renego protection
  - From: Michael D'Errico

Prev by Date: Re: [TLS] simplistic renego protection
Next by Date: Re: [TLS] simplistic renego protection
Previous by thread: Re: [TLS] simplistic renego protection
Next by thread: Re: [TLS] simplistic renego protection
Index(es):
- Date
- Thread

Re: [TLS] simplistic renego protection

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.