The ITEF Network Working Group has already begun drafting a new extension to TLS: Renegotiation Indication.<br><br><a href="https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt">https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt</a><br>
--<br>Marcus Griep<br>——<br>Ακακια את.ψο´, 3°<br>
<br><br><div class="gmail_quote">On Thu, Nov 5, 2009 at 2:10 PM, Marcus Griep <span dir="ltr"><<a href="mailto:tormaster@xpdm.us">tormaster@xpdm.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:<br>
<br>"TLS Man-in-the-middle on renegotiation vulnerability made public"<br><a href="http://isc.sans.org/diary.html?storyid=7534" target="_blank">http://isc.sans.org/diary.html?storyid=7534</a><br clear="all"><font color="#888888">--<br>
Marcus Griep<br>
——<br>Ακακια את.ψο´, 3°<br>
</font></blockquote></div><br>