[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: safe renegotiation bug?
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
Re: safe renegotiation bug? |
|
Date: |
Tue, 01 Jun 2010 16:17:50 +0200 |
|
User-agent: |
Thunderbird 2.0.0.24 (X11/20100411) |
Simon Josefsson wrote:
>>> What do you think about this approach?
>> As a concept I agree... The only problem might be that
>> %PARTIAL_RENEGOTIATION might be misleading in client side because it
>> doesn't really protect from the https renegotiation attack, but this can
>> be made clear in the documentation. I'll try to check it today.
>
> Right, PARTIAL_RENEGOTIATION is the trade-off approach that is
> vulnerable to some attacks but at least allows interop to happen. I
> think we have some good warning material in the manual already for this.
>
> It would be great if you could make modifications to make this happen.
> I can update the self tests to make sure it is working as we want it to.
> Alas I'll be travelling in the next few days, but I'll have some
> connectivity and can do a 2.9.11 release.
Should be ok now. I needed to make some changes in srn5 in order to
work. Please check them because I might have not understand what it
does. It might be better to have a small text that documents what each
srn?.c is testing for. Otherwise if it fails it is difficult to
understand why and what went wrong.
regards,
Nikos