gnutls-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS renegotiation MITM


From: Nikos Mavrogiannopoulos
Subject: Re: TLS renegotiation MITM
Date: Thu, 05 Nov 2009 23:05:21 +0200
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Steve Dispensa wrote:
> Hi,
> 
> A colleague and I have released details of a new attack against TLS in the
> area of renegotiation. Information is here:
> 
> http://extendedsubset.com/?p=8
> 
> During the process of running this bug (and its proposed solution) to
> ground, I implemented a patch to GNUTLS, attached. There are also two new
> files that implement the extension that solves the problem.
> 
> There is lots of background in the above link, but the one missing part is
> the Internet Draft that has been tentatively agreed on by most of the major
> vendors (pending IETF action, of course). That draft is what I have
> implemented, and you should see it posted to the TLS IETF list tomorrow
> morning.

Hi thank you for the patch and for identifying the issue as well. I like
both your patch and the fix itself. Would you be interested in signing
the copyright assignment papers for FSF?

best regards,
Nikos




reply via email to

[Prev in Thread] Current Thread [Next in Thread]