gnutls-devel

Re: Another renegotiation patch


From: Nikos Mavrogiannopoulos
Subject: Re: Another renegotiation patch
Date: Fri, 22 Jan 2010 22:41:34 +0100
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Daniel Kahn Gillmor wrote:
> On 01/21/2010 03:42 PM, Nikos Mavrogiannopoulos wrote:
>> I was thinking about the safe renegotiation case. Currently with the
>> defaults the client behavior is to drop the connection to servers that
>> do not advertise safe renegotiation... This is quite an inconvenience.
>> What do you think of disabling renegotiation for this session instead
>> of failing? I think this will prevent a lot of people from completely
>> disabling safe renegotiation and only disables the part of the protocol
>> that isn't secure.
> 
> The problem, as I understand it, is that the client is incapable of
> telling whether the plaintext prefix injection attack has already
> happened.  I don't think disabling renegotiation for the session
> resolves the problem.

Oops. I just reverted my previous change and added NEWS entries.

regards,
Nikos



