+1 On 1. Mai 2014 13:35:19 MESZ, "Hanno Böck" <ha...@hboeck.de> wrote: >On Thu, 1 May 2014 13:26:48 +0200 >"Stephen Henson via RT" <r...@openssl.org> wrote: > >> Ironically it was added as a workaround for another bug. The padding >> extension was believed to have no side effects... obviously that >> isn't true :-( > >Maybe this should teach us a lesson: Adding more and more Workarounds >for broken stuff isn't the way to go forward. The way to go forward is >to fix broken stuff. > >(we have another pretty simliar example - browsers implemented >out-of-protocol downgrades to "fix" broken implementations just to >notice that they introduced downgrade attacks and accidental downgrades >- now there's a proposal for a downgrade protection extension that only >tries to fix a problem we wouldn't have in the first place if people >didn't introduce stupid workarounds for broken stuff) > >-- >Hanno Böck >http://hboeck.de/ > >mail/jabber: ha...@hboeck.de >GPG: BBB51E42
-- Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
