Martin Rex <m...@sap.com> writes: >BEAST is an attack against Web Browsers (and the abuse known as SSL-VPNs), it >is *NO* attack against TLS
That actually applies to an awful lot of recent attacks on TLS - they're attacks that rely on web software that's actively cooperating with the attacker, not attacks on TLS per se. Similar issues affect numerous attacks on CMS (branded as S/MIME in email) and OpenPGP, they require mail software that actively cooperates with the attacker. For any new attack on a protocol like TLS, you really need a three-stage summary of what's vulnerable: 1. Web-based use of TLS: Pretty much everything. 2. Non-web-based use of TLS: Very little. 3. Non-web-based with a few basic mitigations (EMS, EtM): Nothing, or close to it. Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
