Hi Ilari, thanks for the clarification! I attempted to correct the text. Would you be willing to review the change? It's here: https://github.com/richsalz/tls12-frozen/commit/a1ce7ede97897e291af44f0c2f4fc225a2ca4447
thanks, Nimrod On Tue, 12 Dec 2023 at 19:22, Ilari Liusvaara <ilariliusva...@welho.com> wrote: > On Fri, Dec 08, 2023 at 05:47:01PM +0000, Salz, Rich wrote: > > > > Good point. https://github.com/richsalz/tls12-frozen/pull/12 has the > > change. I’ll wait until/if this is adopted by the WG to merge it. > > Reading through the document, I noticed the following: > > "To securely deploy TLS 1.2, either renegotiation must be disabled > entirely, or this extension must be present." (where this extension > means renegotiation_info) > > > Entirely disabling renegotiation is not sufficient to fix the > renegotiation issue in TLS 1.2. For fixing the issue, renegotiation_info > MUST be required both ways. > > And then there is the other part to the triple handshake attack where > using TLS exporters for authentication without extended_master_secret > extension is insecure, even if renegotiation is not supported at all > by either side and both sides implement renegotiation_info. > > And then there is more dangerously flawed stuff, e.g., session tickets > (technically an extension). > > > > > -Ilari > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
