'Re: [TLS] I-D ACTION:draft-ietf-tls-renegotiation-03.txt'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf-tls
Subject:    Re: [TLS] I-D ACTION:draft-ietf-tls-renegotiation-03.txt
From:       "Robert Dugal" <rdugal () certicom ! com>
Date:       2010-01-06 13:26:01
Message-ID: 7E1DF37F1F42AB4E877E492C308E6AC4031E5E9D () XCH57YKF ! rim ! net
[Download RAW message or body]

In Section 3.2

For ClientHellos which are renegotiating, this field contains the
      "client_verify_data" specified in Section 3.2.

I think this should be a reference to Section 3.1

--
Robert Dugal		Senior Software Developer
Certicom Corp.		A Subsidiary of Research In Motion
rdugal@certicom.com
direct        905.501.3848
fax             905.507.4230
www.certicom.com


-----Original Message-----
From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of \
                Internet-Drafts@ietf.org
Sent: Tuesday, January 05, 2010 6:30 PM
To: i-d-announce@ietf.org
Cc: tls@ietf.org
Subject: [TLS] I-D ACTION:draft-ietf-tls-renegotiation-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Transport Layer Security Working Group of the IETF.

	Title		: Transport Layer Security (TLS) Renegotiation Indication Extension
	Author(s)	: E. Rescorla, N. Oskov, M. Ray, S. Dispensa
	Filename	: draft-ietf-tls-renegotiation-03.txt
	Pages		: 14
	Date		: 2010-1-5

SSL and TLS renegotiation are vulnerable to an attack in which the
   attacker forms a TLS connection with the target server, injects
   content of his choice, and then splices in a new TLS connection from
   a client.  The server treats the client's initial TLS handshake as a
   renegotiation and thus believes that the initial data transmitted by
   the attacker is from the same entity as the subsequent client data.
   This specification defines a TLS extension to cryptographically tie
   renegotiations to the TLS connections they are being performed over,
   thus preventing this attack.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tls-renegotiation-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader implementation to \
automatically retrieve the ASCII version of the Internet-Draft.

---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, \
privileged material (including material protected by the solicitor-client or other \
applicable privileges), or constitute non-public information. Any use of this \
information by anyone other than the intended recipient is prohibited. If you have \
received this transmission in error, please immediately reply to the sender and \
delete this information from your system. Use, dissemination, distribution, or \
reproduction of this transmission by unintended recipients is not authorized and may \
be unlawful.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic