On Dec 2, 2009, at 9:04 AM, Chris Newman wrote:
> This is the most time-sensitive and security-critical IETF draft with respect
> to impact on the Internet community that I have seen in 17 years of IETF

This is the part I disagree with.

New extensions to protocols will take years to deploy. There's no getting

SSL/TLS servers that do not depend on renegotiation can disable renegotiations
entirely. They can do this NOW.

SSL/TLS servers that rely on renegotiation only for the upgrade-to-mutual
feature for web servers can disable client-initiated renegotiations, and tweak
their web applications so that the prefix injection doesn't matter. They can do
this NOW. (We did)

The only real case of using renegotiation that I've heard about was identity
protection, where the client connects anonymously first, and then presents the
certificate during the (encrypted) renegotiation. This is probably very rare,
and accounts for a fraction of a percent of SSL use.

So I don't think we should sit on our thumbs or even wait until the next
face-to-face meeting, but whatever the RFC says, it will take years to deploy
on the general Internet. We should hurry, but we shouldn't rush into things.
TLS mailing list