On 04/04/2010 01:49 PM, Matt McCutchen:
>>>> Which is simply another user input (modifiable by the user).
>>> That's irrelevant. The Referer is an effective XSRF defense because a
>>> malicious site cannot spoof a Launchpad referrer when sending a request
>>> to Launchpad.
>> Huuu? And why not?
> See this article, section 4.2, conclusion #1:
> http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.140.2584&rep=rep1&type=pdf
Where exactly? I haven't seen that this information is not subject to
user modification.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
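
The Referer check debated in this thread, sketched as server-side code. This is an added example, not code from the thread or from Launchpad; the trusted origin value, the function names and the reject-when-missing policy are assumptions, and the sample headers are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the site's own origin, written out for this example.
TRUSTED_ORIGINS = {("https", "launchpad.net", 443)}
DEFAULT_PORTS = {"http": 80, "https": 443}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def origin_of(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        host = parts.hostname  # lower-cased; userinfo and port are stripped
        port = parts.port      # raises ValueError on a malformed port
    except ValueError:
        return None
    if scheme not in DEFAULT_PORTS or not host:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, host, port)


def referer_allows(method, headers):
    """Strict Referer validation for state-changing requests.

    headers is a dict of header name -> value (constructed in this example).
    The parsed origin is compared exactly; a substring or prefix match on the
    raw header would accept look-alike hosts and URLs that merely mention
    the trusted name in a path or query string.
    """
    if method.upper() in SAFE_METHODS:
        return True  # only state-changing requests are checked
    referer = next(
        (v for k, v in headers.items() if k.lower() == "referer"), None
    )
    if referer is None:
        return False  # assumed strict policy: a missing header is rejected
    return origin_of(referer) in TRUSTED_ORIGINS
```

Rejecting requests that carry no Referer is the strict variant; a lenient policy that accepts them would change only the `referer is None` branch.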