Hi Bob,
On 04/02/2010 01:34 AM, Robert Relyea:
>> When a client (as in our case Firefox) implements RFC 5746, the
>> client can't be compromised and no data is leaked from the client. I
>> propose that Firefox should support the RFC 5746 extension
>> exclusively, but NOT block or warn on accessing servers which don't
>> support the extension. Any renegotiation attempt to the client will
>> be ignored and no data is leaked.
>
> Not true. Any client can be compromised as long as it accepts
> connections with servers that do not understand RFC 5746. A client
> that does SSL3 or TLS and *NEVER* renegotiates can be vulnerable.

I don't have the intention to continue the argument because I've
already received some answers which addressed part of my concerns. But
for a better understanding I'd be interested to know how a client that
doesn't renegotiate can be vulnerable. Are you saying that the client
can leak data without renegotiation?

> The only benefit clients have in installing RFC5746 is that servers
> that require renegotiation and install the update to provide safe
> renegotiation from the server standpoint.

I believe the client will also reject any renegotiation attempt
according to the old protocol.

> There's a difference. There's a real vulnerability. Expect that
> timeline to be accelerated for this RFC. (Probably still talk order of
> magnitude 1 year, not 1 decade or 1 month).

Realistically that's perhaps more into a few years. Older Apache and
Windows 2003 servers are still widely deployed and will most likely not
be updated. Newer versions will probably receive updates; there will
always be some which never update. Those will be the "your certificates
don't work" ones we'll have to deal with...

> They are still talking a broken protocol, and clients need to defend
> themselves. It's this fact that allows us to stage deploy. The risk is
> pretty low of a compromise.

That's my understanding as well - part of the argument.

> We know there are backwaters of conservative people who don't update
> their servers. There is a cost associated with that. If they don't
> update, no modern browser will be able to talk to them.

From my experience even a share of 1% can prevent the advantage of
better standards. Just think about non-standard domain names in CN
fields or RSA key sizes above 1024 to mention only a few.

> This is not a mozilla unilateral decision. It's made in concert with
> other browser vendors.

If all parties pull at the same string, this might work. So far this has
seldom worked.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto