Facebook Facebook FacebookFacebook Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: TLS <tls-boun...@ietf.org> on behalf of Nimrod Aviram <nimrod.avi...@gmail.com> Sent: Wednesday, December 13, 2023 9:49:55 AM To: Ilari Liusvaara <ilariliusva...@welho.com> Cc: TLS@ietf.org <tls@ietf.org> Subject: Re: [TLS] Adoption call for 'TLS 1.2 Feature Freeze'
Hi Ilari, thanks for the clarification! I attempted to correct the text. Would you be willing to review the change? It's here: https://github.com/richsalz/tls12-frozen/commit/a1ce7ede97897e291af44f0c2f4fc225a2ca4447 thanks, Nimrod On Tue, 12 Dec 2023 at 19:22, Ilari Liusvaara <ilariliusva...@welho.com<mailto:ilariliusva...@welho.com>> wrote: On Fri, Dec 08, 2023 at 05:47:01PM +0000, Salz, Rich wrote: > > Good point. https://github.com/richsalz/tls12-frozen/pull/12 has the > change. I’ll wait until/if this is adopted by the WG to merge it. Reading through the document, I noticed the following: "To securely deploy TLS 1.2, either renegotiation must be disabled entirely, or this extension must be present." (where this extension means renegotiation_info) Entirely disabling renegotiation is not sufficient to fix the renegotiation issue in TLS 1.2. For fixing the issue, renegotiation_info MUST be required both ways. And then there is the other part to the triple handshake attack where using TLS exporters for authentication without extended_master_secret extension is insecure, even if renegotiation is not supported at all by either side and both sides implement renegotiation_info. And then there is more dangerously flawed stuff, e.g., session tickets (technically an extension). -Ilari _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
