[TLS] I-D Action:draft-mrex-tls-secure-renegotiation-01.txt

Internet-Drafts@ietf.org Thu, 26 November 2009 02:04 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C291D3A67F5 for <tls@core3.amsl.com>; Wed, 25 Nov 2009 18:04:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.277
X-Spam-Level:
X-Spam-Status: No, score=-104.277 tagged_above=-999 required=5 tests=[AWL=1.972, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yv+BBgItir3T for <tls@core3.amsl.com>; Wed, 25 Nov 2009 18:04:38 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id 08FFB3A67AF for <tls@ietf.org>; Wed, 25 Nov 2009 18:04:37 -0800 (PST)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id nAQ24VnK013033 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <tls@ietf.org>; Thu, 26 Nov 2009 03:04:31 +0100 (MET)
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@core3.amsl.com
From: Internet-Drafts@ietf.org
Orig-To: i-d-announce@ietf.org
To: tls@ietf.org
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20091126010001.83AD43A6848@core3.amsl.com>
Date: Wed, 25 Nov 2009 17:00:01 -0800
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Sender: mrex@sap.com
Errors-To: i-d-announce-bounces@ietf.org
X-Scanner: Virus Scanner virwal05
X-Scanner: Virus Scanner virwal03
X-SAP: out
Subject: [TLS] I-D Action:draft-mrex-tls-secure-renegotiation-01.txt
X-BeenThere: tls@ietf.org
Reply-To: internet-drafts@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Nov 2009 02:04:41 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : Transport Layer Security (TLS) Secure Renegotiation
	Author(s)       : M. Rex
	Filename        : draft-mrex-tls-secure-renegotiation-01.txt
	Pages           : 16
	Date            : 2009-11-25

A protocol design flaw in the TLS renegotiation handshake leaves all
currently implemented protocol version of TLS (SSLv3 to TLSv1.2)
vulnerable to Man-in-the-Middle (MitM) attacks where the attacker can
establish a TLS session with a server, send crafted application data
of his choice to the server and then proxy an unsuspecting client's
TLS handshake into the TLS renegotiation handshake of the server. 
Many applications on top of TLS see the data injected by the attacker
and the data sent by the client as a single data stream and assume
that an authentication during the TLS renegotiation handshake or
contained in the client's application data applies to the entire data
stream received through the TLS-protected communication channel.

This document describes a protocol change for all protocol versions
of TLS plus SSLv3 that will fix this vulnerability for all
communication between updated TLS clients and updated TLS servers.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-mrex-tls-secure-renegotiation-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
ftp://ftp.ietf.org/internet-drafts/draft-mrex-tls-secure-renegotiation-01.txt"><ftp://ftp.ietf.org/internet-drafts/draft-mrex-tls-secure-renegotiation-01.txt>
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt