[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS renegotiation MITM

From: Steve Dispensa
Subject: Re: TLS renegotiation MITM
Date: Thu, 5 Nov 2009 19:24:31 -0600

Yes, I'd be glad to. It will take me a couple of days to get to a printer/scanner, but meanwhile, if an email can do this, take this as my official intent to assign copyright to fsf.


On Nov 5, 2009, at 3:03 PM, "Nikos Mavrogiannopoulos" <address@hidden> wrote:

Steve Dispensa wrote:

A colleague and I have released details of a new attack against TLS in the
area of renegotiation. Information is here:

During the process of running this bug (and its proposed solution) to
ground, I implemented a patch to GNUTLS, attached. There are also two new
files that implement the extension that solves the problem.

There is lots of background in the above link, but the one missing part is the Internet Draft that has been tentatively agreed on by most of the major
vendors (pending IETF action, of course). That draft is what I have
implemented, and you should see it posted to the TLS IETF list tomorrow

Hi thank you for the patch and for identifying the issue as well. I like
both your patch and the fix itself. Would you be interested in signing
the copyright assignment papers for FSF?

best regards,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]