gnutls-devel

Re: Safe renegotiation patch


From: Nikos Mavrogiannopoulos
Subject: Re: Safe renegotiation patch
Date: Mon, 11 Jan 2010 23:11:44 +0100
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Steve Dispensa wrote:

>> Why is this one needed? Shouldn't all initial negotiations be accepted
>> and fail only if renegotiation is requested? I believe this was the
>> behavior of your previous patch.
> 
> A totally strict server may not want to allow unpatched clients, since
> those clients are unable to tell if they're being attacked. I defaulted
> it to off to be conservative from a security perspective.

I understand. However, this will make the new release non-interoperable
with anything else existing. Thus, for now, I believe this should be
allowed, and at a later point, when secure renegotiation is common
practice, that should be off by default.

regards,
Nikos



