[email protected]
[Top] [All Lists]

Re: [TLS] Last Call: draft-ietf-tls-renegotiation (Transport Layer Secur

Subject: Re: [TLS] Last Call: draft-ietf-tls-renegotiation (Transport Layer Security (TLS) Renegotiation Indication Extension) to Proposed Standard
From: Yoav Nir
Date: Wed, 2 Dec 2009 11:12:26 +0200
On Dec 2, 2009, at 9:04 AM, Chris Newman wrote:
> This the most time-sensitive and security-critical IETF draft with respect 
> to impact on the Internet community that I have seen in 17 years of IETF 
> participation.  

This is the part I disagree with.

New extensions to protocols will take years to deploy. There's no getting 
around this.

SSL/TLS servers that do not depend on renegotiation can disable renegotiations 
entirely. They can do this NOW.
SSL/TLS servers that rely on renegotiation only for the upgrade-to-mutual 
feature for web servers can disable client-initiated renegotiations, and tweak 
their web applications so that the prefix injection doesn't matter. The can do 
this NOW. (We did)

The only real case of using renegotiation that I've heard about was identity 
protection, where the client connects anonymously first, and then presents the 
certificate during the (encrypted) renegotiation. This is probably very rare, 
and accounts for a fraction or a percent of SSL use.

So I don't think we should sit on our thumbs or even wait until the next 
face-to-face meeting, but whatever the RFC says, it will take years to deploy 
on the general Internet. We should hurry, but we shouldn't rush into things.

TLS mailing list
[email protected]

<Prev in Thread] Current Thread [Next in Thread>