[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS renegotiation MITM

From: Nikos Mavrogiannopoulos
Subject: Re: TLS renegotiation MITM
Date: Thu, 05 Nov 2009 23:05:21 +0200
User-agent: Thunderbird (X11/20090817)

Steve Dispensa wrote:
> Hi,
> A colleague and I have released details of a new attack against TLS in the
> area of renegotiation. Information is here:
> During the process of running this bug (and its proposed solution) to
> ground, I implemented a patch to GNUTLS, attached. There are also two new
> files that implement the extension that solves the problem.
> There is lots of background in the above link, but the one missing part is
> the Internet Draft that has been tentatively agreed on by most of the major
> vendors (pending IETF action, of course). That draft is what I have
> implemented, and you should see it posted to the TLS IETF list tomorrow
> morning.

Hi thank you for the patch and for identifying the issue as well. I like
both your patch and the fix itself. Would you be interested in signing
the copyright assignment papers for FSF?

best regards,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]