On Mon, Mar 3, 2014 at 3:46 PM, Fedor Brunner <[email protected]> wrote:
> Hi all,
> this attack on TLS security may be interesting for XMPP
> https://www.imperialviolet.org/2014/03/03/triplehandshake.html
> https://secure-resumption.com/#further
>
> The attacker could modify tls-unique channel binding and affect
> SCRAM-SHA-1-PLUS authentication method.
>
> Fedor

Responding to this message, because it may have been marked as spam for a lot of folks.

Mailman as configured for our mailing lists breaks DKIM signatures, and many folks have run into this. Several messages end up in spam every month. Gmail's behavior in this has been a bit random.

This is trivially fixable by setting STRIP_DKIM_SIGNATURE = Yes in the Mailman config, or with a number of more advanced configurations, as documented here: http://wiki.list.org/display/DEV/DKIM

--
Waqas Hussain
