On Feb 15 2017, at 7:27 pm, Andrei Popov <andrei.po...@microsoft.com> wrote:
> Yes, I agree that it is useful to mention this in the spec.
>
> While this extension mitigates the man-in-the-middle attack described
> in the overview, it does not resolve all possible problems an
> application may face if it is unaware of renegotiation. For example,
> during renegotiation, either the client or the server can present a
> different certificate than was used earlier. This may come as a
> surprise to application developers (who might have expected, for
> example, that a "getPeerCertificates()" API call returns the same
> value if called twice), and might be handled in an insecure way.
A second PR could try to tackle this by adding a new message, for example an "AcknowledgeClientAuthentication" message that the server would send to confirm (or not) the validation of the client certificate. I think this would add a bit of complexity for less "surprise". I'm not too keen on this, and I think this could be added as an extension instead, but I think it would be nice to have, to see if it integrates nicely into the current draft.
David
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
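Added example, not code from the thread, the TLS draft or any TLS library: a small application-layer guard that models the failure mode in the quoted spec text (a peer certificate that changes across a renegotiation, so repeated "getPeerCertificates()" calls disagree) together with an explicit accept/reject step in the spirit of the "AcknowledgeClientAuthentication" idea above. The `PeerIdentityGuard` class, its method names and the certificate byte strings are constructed for illustration; the bytes are not real DER.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-ins for DER-encoded peer certificates (not real X.509 data).
CERT_A = b"constructed-der:client-cert-A"
CERT_B = b"constructed-der:client-cert-B"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, as TLS tooling commonly prints it."""
    return hashlib.sha256(der).hexdigest()


@dataclass
class PeerIdentityGuard:
    """Tracks the peer certificate seen on one connection across (re)handshakes.

    The first handshake pins the peer's fingerprint. A later handshake that
    presents a different certificate is held as 'pending' until the application
    explicitly accepts or rejects it, instead of silently replacing the pinned
    identity the way a bare getPeerCertificates() call would.
    """
    pinned: Optional[str] = None
    pending: Optional[str] = None
    history: list = field(default_factory=list)

    def on_handshake_complete(self, peer_der: bytes) -> str:
        fp = fingerprint(peer_der)
        self.history.append(fp)          # every identity ever seen, for audit logs
        if self.pinned is None:
            self.pinned = fp             # initial handshake: pin the identity
            return "pinned"
        if fp == self.pinned:
            return "unchanged"           # renegotiation with the same certificate
        self.pending = fp                # identity changed: needs an explicit decision
        return "changed"

    def acknowledge(self, accept: bool) -> str:
        """Application-level acknowledgement of a pending identity change."""
        if self.pending is None:
            raise ValueError("no pending identity change to acknowledge")
        if accept:
            self.pinned, self.pending = self.pending, None
            return "accepted"
        self.pending = None
        return "rejected"

    def effective_peer(self) -> Optional[str]:
        """Identity the application should trust now (never an unacknowledged one)."""
        return self.pinned
```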