 |
 |
 |
 |
|
 |
|
 |
|
 |
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
--On November 19, 2009 22:23:43 +0100 Martin Rex <mrex at sap.com> wrote:
Asking SSLv3 implementations to improve on their extensions-intolerance is still OK. Requiring them to implement generic TLS extensions is not, because it has nothing to do with the problem and is an unnecessary complexity for the fix.
What if we require SSLv3 compatible clientHello and SSLv3 serverHello to list RI first and at least ignore additional extensions, waiving the requirement for full extension support for SSLv3-only implementations?
The we'd have only one way to advertise that the client/server is patched to fix the renegotiation vulnerability, but we reduce the amount of work necessary to fix an SSLv3-only implementation (to the point where it provides the level of security and renegotiate functionality that SSLv3 claimed to provide)?
- Chris