Re: [TLS] Metadiscussion on changes in draft-ietf-tls-renegotiation

Marsh Ray wrote:


No matter how hard I try, I can't find the security problem and I can't find
the interoperability advantage.

Hence, the "MUST abort" requirement seems like an unmotivated restriction.
I'm not saying that we have to change the current draft, I'm just curious to
understand the real benefits of this requirement.


In a sense it allows a consistent definition of the semantics of SCSV:
The presence of SCSV is equivalent to an empty RI extension. Under such
a definition, the presence of multiple conflicting RIs (especially an
empty RI during a renegotiation) is clearly an abort-able offense!


Baloney.

This ludicrous explanation is a silly excuse for a proven technical mistake.

-Martin
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [TLS] Metadiscussion on changes in draft-ietf-tls-renegotiation, Steve Checkoway

Next by Date:

Gen-ART LC/TC Review of draft-ietf-ccamp-pc-spc-rsvpte-ext-06, Ben Campbell

Previous by Thread:

Re: [TLS] Metadiscussion on changes in draft-ietf-tls-renegotiation, Marsh Ray

Next by Thread:

Re: [TLS] Metadiscussion on changes in draft-ietf-tls-renegotiation, Steve Checkoway

Indexes:

[Date] [Thread] [Top] [All Lists]