List: ietf-tls
Subject: Re: [TLS] Third Option?
From: David-Sarah Hopwood <david-sarah () jacaranda ! org>
Date: 2009-12-18 2:22:58
Message-ID: 4B2AE782.2090002 () jacaranda ! org
Kyle Hamilton wrote:
> On Wed, Dec 16, 2009 at 7:25 PM, David-Sarah Hopwood
> <david-sarah@jacaranda.org> wrote:
>>> In short, everyone* needs to patch and disable compatible/insecure mode
>>> as soon as is practical.
>>>
>>> *Except those who can prove that their endpoint cannot renegotiate and
>>> will never be willing to talk to a server that can possibly renegotiate.
>>
>> No, even those.
>>
>> If any server does not patch, it will soon fail to be interoperable with
>> clients that require patched servers.
>
> And if the patches to the server include patches that are not desired
> by the entity running the server?
Then they have at least five options:
- be non-interoperable;
- try to get a backport of just the renegotiation patch from the server
  implementors;
- do such a backport, or commission one, if the server code is available;
- patch anyway;
- switch to a different server.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com