* Eddy Nigg:

> I believe this to be a mistake for various reasons, but first and
> foremost because an attack on a server without compromise of the
> client data as well, is basically useless. When an attacker induces
> renegotiation at the server, the attacker must have client credentials
> in order to act as if he were the original client. Without those
> credentials, the attacker would be treated as any other
> unauthenticated source.
>
> When a client (as in our case Firefox) implements RFC 5746, the client
> can't be compromised and no data is leaked from the client.

This is factually incorrect. The victim client might still send authentication data to the server which ends up in a different context (because the attacker has preloaded a crafted message prefix into the server), where it is accessible to the attacker and can later be used to impersonate the victim client. I think this has even been demonstrated for the Twitter web service.

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security