TLS renegotiation MITM

Steve Dispensa dispensa at phonefactor.com
Fri Nov 6 02:24:31 CET 2009


Yes, I'd be glad to. It will take me a couple of days to get to a
printer/scanner, but meanwhile, if an email can do this, take this as
my official intent to assign copyright to FSF.

  -Steve

On Nov 5, 2009, at 3:03 PM, "Nikos Mavrogiannopoulos"  
<nmav at gnutls.org> wrote:

> Steve Dispensa wrote:
>> Hi,
>>
>> A colleague and I have released details of a new attack against TLS in the
>> area of renegotiation. Information is here:
>>
>> http://extendedsubset.com/?p=8
>>
>> During the process of running this bug (and its proposed solution) to
>> ground, I implemented a patch to GNUTLS, attached. There are also two new
>> files that implement the extension that solves the problem.
>>
>> There is lots of background in the above link, but the one missing part is
>> the Internet Draft that has been tentatively agreed on by most of the major
>> vendors (pending IETF action, of course). That draft is what I have
>> implemented, and you should see it posted to the TLS IETF list tomorrow
>> morning.
>
> Hi, thank you for the patch and for identifying the issue as well. I like
> both your patch and the fix itself. Would you be interested in signing
> the copyright assignment papers for FSF?
>
> best regards,
> Nikos




