gnutls-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: safe renegotiation bug?


From: Simon Josefsson
Subject: Re: safe renegotiation bug?
Date: Tue, 01 Jun 2010 16:25:48 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Nikos Mavrogiannopoulos <address@hidden> writes:

> Simon Josefsson wrote:
>
>>>> What do you think about this approach?
>>> As a concept I agree... The only problem might be that
>>> %PARTIAL_RENEGOTIATION might be misleading in client side because it
>>> doesn't really protect from the https renegotiation attack, but this can
>>> be made clear in the documentation. I'll try to check it today.
>> 
>> Right, PARTIAL_RENEGOTIATION is the trade-off approach that is
>> vulnerable to some attacks but at least allows interop to happen.  I
>> think we have some good warning material in the manual already for this.
>> 
>> It would be great if you could make modifications to make this happen.
>> I can update the self tests to make sure it is working as we want it to.
>> Alas I'll be travelling in the next few days, but I'll have some
>> connectivity and can do a 2.9.11 release.
>
> Should be ok now. I needed to make some changes in srn5 in order to
> work. Please check them because I might have not understand what it
> does. It might be better to have a small text that documents what each
> srn?.c is testing for. Otherwise if it fails it is difficult to
> understand why and what went wrong.

Thanks!  I'll take a look later this week -- there is
tests/safe-rengotiation/README which attempts to describe the tests, but
it may not be completely updated.

It may be that some of the srn?.c tests are not relevant any more.

/Simon



reply via email to

[Prev in Thread] Current Thread [Next in Thread]