On Thu, 1 May 2014 13:26:48 +0200 "Stephen Henson via RT" <[email protected]> wrote:
> Ironically it was added as a workaround for another bug. The padding
> extension was believed to have no side effects... obviously that
> isn't true :-(

Maybe this should teach us a lesson: Adding more and more workarounds for broken stuff isn't the way to go forward. The way to go forward is to fix broken stuff.

(we have another pretty similar example - browsers implemented out-of-protocol downgrades to "fix" broken implementations just to notice that they introduced downgrade attacks and accidental downgrades - now there's a proposal for a downgrade protection extension that only tries to fix a problem we wouldn't have in the first place if people didn't introduce stupid workarounds for broken stuff)

--
Hanno Böck
http://hboeck.de/

mail/jabber: [email protected]
GPG: BBB51E42
