[Cryptography] Because one TLS bug per month is just not enough
Ben Laurie
ben at links.org
Mon Apr 28 04:54:47 EDT 2014
On 28 April 2014 00:57, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> Matthew Green has a good write-up in his blog at
> <http://blog.cryptographyengineering.com/2014/04/attack-of-week-triple-handshakes-3shake.html>
>
> This one appears to affect Apple OS/X and iOS but it
> wouldn't surprise me if other implementations have the
> same issue. Fortunately according to Green, this will have
> much less impact to security than did Heartbleed because
> it only affects seldom used use cases of TLS.
FWIW, this bug was described at IETF in March. The site is dated March
4th. That is, it is nearly 2 months old.
As Matthew says, branding is key.
Also, BTW, it doesn't affect many people: use of client certs is
almost non-existent.
More information about the cryptography
mailing list