On Fri, Dec 08, 2023 at 05:47:01PM +0000, Salz, Rich wrote:
>
> Good point. https://github.com/richsalz/tls12-frozen/pull/12 has the
> change. I’ll wait until/if this is adopted by the WG to merge it.

Reading through the document, I noticed the following:

"To securely deploy TLS 1.2, either renegotiation must be disabled
entirely, or this extension must be present."

(where this extension means renegotiation_info)

Entirely disabling renegotiation is not sufficient to fix the
renegotiation issue in TLS 1.2. For fixing the issue, renegotiation_info
MUST be required both ways.

And then there is the other part to the triple handshake attack where
using TLS exporters for authentication without the extended_master_secret
extension is insecure, even if renegotiation is not supported at all by
either side and both sides implement renegotiation_info.

And then there is more dangerously flawed stuff, e.g., session tickets
(technically an extension).

-Ilari
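
As an added illustration (not part of the message above or of the draft under discussion), one way a client-side check could enforce the point about requiring both extensions: it parses a TLS 1.2 ServerHello body and reports when renegotiation_info or extended_master_secret is absent, and notes when session_ticket is negotiated. The function names and the sample messages are constructed for this example; the extension type numbers are the IANA-registered values.

```python
import struct

RENEGOTIATION_INFO = 0xFF01      # RFC 5746
EXTENDED_MASTER_SECRET = 0x0017  # RFC 7627
SESSION_TICKET = 0x0023          # RFC 5077

def server_hello_extensions(body: bytes) -> set:
    """Extension types in a TLS 1.2 ServerHello body (handshake header stripped)."""
    if len(body) < 35:
        raise ValueError("ServerHello too short")
    # skip version, random, session_id (length byte at offset 34), cipher suite, compression
    pos = 2 + 32 + 1 + body[34] + 2 + 1
    if pos == len(body):              # the extensions block is optional
        return set()
    if pos + 2 > len(body):
        raise ValueError("truncated ServerHello")
    (total,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + total
    if end != len(body):
        raise ValueError("extensions length does not match message length")
    found = set()
    while pos < end:
        if end - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4 + ext_len
        if pos > end:
            raise ValueError("extension overruns the extensions block")
        found.add(ext_type)
    return found

def audit_server_hello(body: bytes) -> list:
    """Findings for a client that requires both extensions from the server."""
    exts = server_hello_extensions(body)
    findings = []
    if RENEGOTIATION_INFO not in exts:
        findings.append("missing renegotiation_info")
    if EXTENDED_MASTER_SECRET not in exts:
        findings.append("missing extended_master_secret")
    if SESSION_TICKET in exts:
        findings.append("session_ticket negotiated")
    return findings

def ext(ext_type: int, data: bytes = b"") -> bytes:
    return struct.pack("!HH", ext_type, len(data)) + data

def build_hello(exts: bytes) -> bytes:  # constructed sample, not a captured message
    head = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    return head + struct.pack("!H", len(exts)) + exts
```

A client applying this policy would abort the handshake on either "missing" finding rather than continue without the extension.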