Re: [TLS] Another critical problem with RI

To: mike-list at pobox.com (Michael D'Errico)
Subject: Re: [TLS] Another critical problem with RI
From: Martin Rex <mrex at sap.com>
Date: Sat, 21 Nov 2009 02:33:29 +0100 (MET)
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <4B072FA6.9050205 at pobox.com> from "Michael D'Errico" at Nov 20, 9 04:09:10 pm
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Reply-to: mrex at sap.com

Michael D'Errico wrote:
> 
> Michael D'Errico wrote:
> > Here is yet another reason to reject Renegotiation_Info:
>
> It looks like I got scooped by Martin by 4 minutes!  :-)

I'm sorry.  

It seems that you thought about what it would mean to implement
my newest idea (tunneling verify_data into the handshake message hash
through Hello.Random, somewhat similar to what TLS extension RI does)
and realized this problem.

I had just started to change my I-D that I'm working on and
describe the new idea when I stumbled over this problem.

It was somewhat similar when I was trying to explain to Nico
and Larry that they can not simply ignore that channel bindings
don't carry over through TLS renegotiation, when I realized that
TLS renegotiation would therefore be susceptible to MitM attacks.

-Martin

References:
- Re: [TLS] Another critical problem with RI
  - From: Michael D'Errico

Prev by Date: Re: [TLS] merging recent ideas into one new proposal
Next by Date: Re: [TLS] Consensus Call for draft-ietf-tls-renegotiation-00.txt
Previous by thread: Re: [TLS] Another critical problem with RI
Next by thread: Re: [TLS] Another critical problem with RI
Index(es):
- Date
- Thread

Re: [TLS] Another critical problem with RI

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.