
List:       ietf-tls
Subject:    Re: [TLS] Third Option?
From:       David-Sarah Hopwood <david-sarah () jacaranda ! org>
Date:       2009-12-18 2:22:58
Message-ID: 4B2AE782.2090002 () jacaranda ! org


Kyle Hamilton wrote:
> On Wed, Dec 16, 2009 at 7:25 PM, David-Sarah Hopwood
> <david-sarah@jacaranda.org> wrote:
>>> In short, everyone* needs to patch and disable compatible/insecure mode
>>> as soon as is practical.
>>>
>>> *Except those who can prove that their endpoint cannot renegotiate and
>>> will never be willing to talk to a server that can possibly renegotiate.
>>
>> No, even those.
>>
>> If any server does not patch, it will soon fail to be interoperable with
>> clients that require patched servers.
> 
> And if the patches to the server include patches that are not desired
> by the entity running the server?

Then they have at least five options:
 - be non-interoperable;
 - try to get a backport of just the renegotiation patch from the server
   implementors;
 - do such a backport, or commission one, if the server code is available;
 - patch anyway;
 - switch to a different server.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

