[145058] in cryptography@c2.net mail archive
Re: TLS break
daemon@ATHENA.MIT.EDU (Tom Weinstein)
Tue Nov 10 19:33:05 2009
Date: Tue, 10 Nov 2009 14:45:43 -0800
From: Tom Weinstein <tweinst@pacbell.net>
To: "Perry E. Metzger" <perry@piermont.com>
CC: cryptography@metzdowd.com
In-Reply-To: <87hbt4evnt.fsf@snark.cb.piermont.com>
Perry E. Metzger wrote:
> I'll point out that in the midst of several current discussions, the
> news of the TLS protocol bug has gone almost unnoticed, even though it
> is by far the most interesting news of recent months.
Perhaps because there have been so many false alarms over the years.
Usually when I hear about an SSL MITM attack, it's really a browser UI
spoofing attack with a bogus cert.
This is the first attack against TLS that I consider to be the real
deal. To really fix it is going to require a change to all affected
clients and servers. Fortunately, Eric Rescorla has a protocol extension
that appears to do the job.
--
Give a man a fire and he's warm for a day, but set | Tom Weinstein
him on fire and he's warm for the rest of his life.| tweinst@pacbell.net
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
