[prev in list] [next in list] [prev in thread] [next in thread]
List: ietf-tls
Subject: [TLS] I-D ACTION:draft-ietf-tls-renegotiation-02.txt
From: Internet-Drafts () ietf ! org
Date: 2009-12-16 22:30:02
Message-ID: 20091216223004.693FC3A6A87 () core3 ! amsl ! com
[Download RAW message or body]
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Transport Layer Security Working Group of the IETF.
Title : Transport Layer Security (TLS) Renegotiation Indication Extension
Author(s) : E. Rescorla, N. Oskov, M. Ray, S. Dispensa
Filename : draft-ietf-tls-renegotiation-02.txt
Pages : 12
Date : 2009-12-16
SSL and TLS renegotiation are vulnerable to an attack in which the
attacker forms a TLS connection with the target server, injects
content of his choice, and then splices in a new TLS connection from
a client. The server treats the client's initial TLS handshake as a
renegotiation and thus believes that the initial data transmitted by
the attacker is from the same entity as the subsequent client data.
This specification defines a TLS extension to cryptographically tie
renegotiations to the TLS connections they are being performed over,
thus preventing this attack.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tls-renegotiation-02.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
["draft-ietf-tls-renegotiation-02.txt" (Message/External-body)]
Content-Type: text/plain
Content-ID: <2009-12-16141714.I-D@ietf.org>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic