[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf-tls
Subject:    [TLS] I-D ACTION:draft-ietf-tls-renegotiation-02.txt
From:       Internet-Drafts () ietf ! org
Date:       2009-12-16 22:30:02
Message-ID: 20091216223004.693FC3A6A87 () core3 ! amsl ! com
[Download RAW message or body]

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.
This draft is a work item of the Transport Layer Security Working Group of the IETF.

	Title		: Transport Layer Security (TLS) Renegotiation Indication Extension
	Author(s)	: E. Rescorla, N. Oskov, M. Ray, S. Dispensa
	Filename	: draft-ietf-tls-renegotiation-02.txt
	Pages		: 12
	Date		: 2009-12-16
	
SSL and TLS renegotiation are vulnerable to an attack in which the
   attacker forms a TLS connection with the target server, injects
   content of his choice, and then splices in a new TLS connection from
   a client.  The server treats the client's initial TLS handshake as a
   renegotiation and thus believes that the initial data transmitted by
   the attacker is from the same entity as the subsequent client data.
   This specification defines a TLS extension to cryptographically tie
   renegotiations to the TLS connections they are being performed over,
   thus preventing this attack.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tls-renegotiation-02.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

["draft-ietf-tls-renegotiation-02.txt" (Message/External-body)]

Content-Type: text/plain
Content-ID: <2009-12-16141714.I-D@ietf.org>



[prev in list] [next in list] [prev in thread] [next in thread]