Re: Alerts on TLS Renegotiation

Fri, 02 Apr 2010 04:50:33 -0700 

On 04/02/2010 01:37 AM, Daniel Veditz:

SSL is a
building-block and is supposed to guarantee an authenticated,
encrypted, tamper-proof connection to the application layers above.


Yes, obviously I agree with this statement entirely and RFC 5746 fixes that.


You don't know that! Depends on what the client is doing and what
the server is.

   


My argument is, that you know what a client which implements RFC 5746 does.


What if the attack is to make the client connect to an open
redirector on the target site? The client could leak all kinds of
data by sending it to the wrong site.

   


No, that shouldn't work anymore with a RFC 5746 compliant client.


SSLv2 was disabled in Firefox only a short while ago,

     

Three and a half years ago, October 2006 (longer if you count six
months of 2.0 pre-release builds).

   



Phhh....is it really that long ago already? Anyway, it took some ten 
years after the introduction of SSLv3 to turn it off. That's a long time.



Then we would be foolish to toggle the default on that pref any time
soon.

   


Thank you, that's what I wanted to hear.


Why? Those are two separate prefs. The user can easily speak to
servers without rfc 5746 and still refuse unsafe renegotiation.


Correct.


  But
you know this because "Minefield" broke client-auth on your site
with precisely these settings. What's your real point?

   


Exactly that was a warning sign for me about how easy it can break.


99.9% of bank customers will never have their bank go out of
business.

   



Don't say never - Lehman Brothers anyone? And another couple of regional 
banks in the US alone during the last year, actually in the hundreds  :-)



But back to our subject, it also depends on  what the other browser 
vendors will do and when. When I did the risk assessment I came to the 
conclusion that when using an RFC 5746 compliant client, the risk for 
exploiting it, is incredible low. I believe the risks of SSLv2 were 
higher on a practical level.


--
Regards

Signer:  Eddy Nigg, StartCom Ltd.
XMPP:    start...@startcom.org
Blog:    http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto























					Reply via email to