Re: TLS Renegotiation problem
From: Simon Josefsson
Subject: Re: TLS Renegotiation problem
Date: Tue, 10 Nov 2009 17:49:28 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Steve Dispensa <address@hidden> writes:
> On 11/10/09 7:22 AM, "Tomas Hoger" <address@hidden> wrote:
>>> I think we now have some evidence to suggest GnuTLS needn't do anything
>>> about this. It seems any use of rehandshake with GnuTLS is
>>> application-specific and then the answer is probably to fix that
>>> application instead of GnuTLS.
>>
>> Is that meant as "no change needed" or "no urgent temporary hotfix
>> needed"? Is the implementation of the proposed extension still the
>> long-term plan, so that apps needing rehandshakes can do them safely?
>
> [sorry if I'm late to the game; we had a baby a few days ago and I'm sadly
> behind on e-mail and most other things.]

Congratulations! Perfect timing.. ;)

> I agree with Tomas. When I wrote up the patch, I noticed that there were a
> few impediments to doing renegotiation at all in the way things are
> currently implemented (unless I misunderstood, which is always quite
> possible). Still, at some point, someone is going to really need the feature
> (or decide that the implementation is incomplete without perfect support for
> it), and once that happens, the bug will magically appear unless the TLS
> extension is supported.
>
> There's also a good reason to support the extension from an interop
> standpoint - servers will want to detect patched clients in the (near?)
> future, so sending the extension along will be helpful.

Definitely. Given a patch (and copyright assignment) for this, we could
add it to the experimental branch today, and once the IANA has allocated
a code point it could even be backported into the stable branch.

But that would be completely unrelated to fixing any short-term security
problem.

/Simon