2009/11/12 Peter Saint-Andre <stpeter at stpeter.im>:
> FYI from the TLS list.
>
> -------- Original Message --------
> Subject: Re: [TLS] TLS or HTTP issue?
> Date: Wed, 11 Nov 2009 15:34:49 -0800
> From: Chris Newman <Chris.Newman at Sun.COM>
> To: Peter Saint-Andre <stpeter at stpeter.im>, Nikos
> Mavrogiannopoulos <nmav at gnutls.org>
> CC: Eric Rescorla <ekr at rtfm.com>, tls at ietf.org
> References: <73843DF9-EFCB-4B8D-913E-FE2235E5BDD3 at rtfm.com>
> <4AF33D07.7040100 at gnutls.org> <4AF455DF.5040106 at stpeter.im>
>
> It is likely XMPP is vulnerable. IMAP and SMTP are vulnerable. The only
> application protocol I've studied that I believe resists the vulnerability
> is POP3+STLS (even pops may be vulnerable).
>
> I know of two ways to leverage the TLS re-negotiation vulnerability to
> attack applications:
>
>
> 2. Having one authorized and authenticated TLS session decrypt data from a
> different TLS session. This attack is most severe for SMTP+STARTTLS+BDAT
> (since SMTP relays typically treat all senders as authenticated as long as
> the recipient is in the local domain), but impacts most application
> protocols that have a command to "send", "post", "put", "set an attribute"
> or perform any write operation that can subsequently be read back. In the
> case of IMAP, this can be used by one authorized IMAP user (someone with an
> account on the IMAP server) to potentially steal the login password of
> another IMAP user on the same server (with some IMAP client behavior
> caveats).
>
> It is likely that XMPP is vulnerable to attack #2.
>

I'm curious... are there any references to this form of attack? I've
failed to find any mention of it so far. Do I need to join another
mailing list? :)

Matthew

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.