Clemens Hlauschek <clemens.hlausc...@rise-world.com> writes:

>I published a paper today on KCI-attacks in TLS. This might be of interest to
>the TLS WG.
>
>https://www.usenix.org/conference/woot15/workshop-program/presentation/hlauschek
Some comments on this: it looks like it requires a "cert with static (EC)DH key" in order to work, which would mean an X9.42 cert. Since no (public) CA that I know of can handle or issue such certs, this probably provides a reasonable amount of defence against this attack...

In terms of the suggested countermeasures:

>Set appropriate X509 Key Usage extension for ECDSA and DSS certificates, and
>disable specifically the KeyAgreement flag

Since the keyUsage flags are widely ignored by implementations, this won't provide the protection that the text implies.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
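The countermeasure quoted above only helps if the peer actually enforces the keyUsage extension before treating a certificate key as a static (EC)DH key. Below is an added example of such a check (not code from the paper, this thread, or any TLS library) using only the Go standard library: it builds self-signed ECDSA test certificates with chosen keyUsage bits and refuses one for static ECDH unless keyAgreement is present, treating a missing extension as a refusal rather than a free pass. Certificate contents are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// makeECDSACert builds a self-signed P-256 ECDSA certificate (constructed test
// input) carrying the given keyUsage bits; a zero usage omits the extension.
func makeECDSACert(usage x509.KeyUsage) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), KeyUsage: usage,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// usableForStaticECDH is the check a TLS peer should apply before letting the
// key in a certificate act as a static (EC)DH key (ECDH_ECDSA-style suites):
// EC key, keyUsage extension present, and keyAgreement set. Absent means no.
func usableForStaticECDH(der []byte) (bool, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return false, err
	}
	if _, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok {
		return false, nil // not an EC key at all
	}
	if cert.KeyUsage == 0 {
		return false, nil // extension absent: refuse rather than assume
	}
	return cert.KeyUsage&x509.KeyUsageKeyAgreement != 0, nil
}

func main() {
	// A signature-only server certificate, as a TLS server would normally carry.
	der, err := makeECDSACert(x509.KeyUsageDigitalSignature)
	if err != nil {
		panic(err)
	}
	ok, err := usableForStaticECDH(der)
	fmt.Println("signature-only ECDSA cert usable for static ECDH:", ok, err)
}
```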