On 12/20/2014 04:15 AM, Phil Pennock wrote:
> Probably because the Triple Handshakes Considered Harmful paper from
> earlier this year showed that using only the final message for channel
> binding was broken and vulnerable, so there are IETF drafts for fixes to
> TLS to provide something which actually offers a non-forgeable identity
> for channel binding but nothing concrete yet (when I last checked, which
> was a little while back now).
Oops, looks like you're right; for some reason I was under the impression that the attack only worked on legacy SSL / poorly implemented TLSv1. I'll double check later, but in the meantime, thanks for the correction.

—Sam

--
Sam Whited
pub 4096R/54083AE104EA7AD3
https://blog.samwhited.com