[TLS] Rizzo claims implementation attach, should be interesting

To: tls at ietf.org
Subject: [TLS] Rizzo claims implementation attach, should be interesting
From: Tim Dierks <tim at dierks.org>
Date: Sat, 10 Sep 2011 12:41:11 -0400
Delivered-to: tls at ietfa.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:from:date:x-google-sender-auth:message-id :subject:to:content-type; bh=wrD4BvRFElLAh6bDE2bKvaQ04lEqvqsVx8qrGgXnnYM=; b=SsGwAoXjdxCL+vg+BLrkjDeLKkEvK8zNZ0jOpFekrkgU4vofOThf5kEVfSqot+sM9v Qm7hBzRYMtHAUutur2bjCNOug4OA69fre8340QeZDxQTX9YhjnMblSbu3Rv0Wm3HLhQO wrunaqBKtIHNjkkpFqpDd1DQ2NS6gyeo0noLs=
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Sender: tdierks at gmail.com

Does anyone have any ideas what Rizzo may be announcing @ ekoparty?

http://www.ekoparty.org/2011/juliano-rizzo.php

BEAST: Surprising crypto attack against HTTPS

We present a new fast block-wise chosen-plaintext attack against SSL/TLS. We also describe one application of the attack that allows an adversary to efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests. Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing.

- Tim

Follow-Ups:
- Re: [TLS] Rizzo claims implementation attach, should be interesting
  - From: Martin Rex
- Re: [TLS] Rizzo claims implementation attach, should be interesting
  - From: Peter Gutmann

Prev by Date: [TLS] OBC and logout (Re: TLS-OBC proposal)
Next by Date: Re: [TLS] Rizzo claims implementation attach, should be interesting
Previous by thread: [TLS] OBC and logout (Re: TLS-OBC proposal)
Next by thread: Re: [TLS] Rizzo claims implementation attach, should be interesting
Index(es):
- Date
- Thread

[TLS] Rizzo claims implementation attach, should be interesting

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.