TLS break
Tom Weinstein
tweinst at pacbell.net
Tue Nov 10 17:45:43 EST 2009
Perry E. Metzger wrote:
> I'll point out that in the midst of several current discussions, the
> news of the TLS protocol bug has gone almost unnoticed, even though it
> is by far the most interesting news of recent months.
Perhaps because there have been so many false alarms over the years.
Usually when I hear about an SSL MITM attack, it's really a browser UI
spoofing attack with a bogus cert.
This is the first attack against TLS that I consider to be the real
deal. To really fix it is going to require a change to all affected
clients and servers. Fortunately, Eric Rescorla has a protocol extension
that appears to do the job.
--
Give a man a fire and he's warm for a day, but set | Tom Weinstein
him on fire and he's warm for the rest of his life.| tweinst at pacbell.net
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list