Date:      Sun, 8 Nov 2009 07:10:02 GMT
From:      Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555
Message-ID:  <200911080710.nA87A2On066337@freefall.freebsd.org>

The following reply was made to PR bin/140356; it has been noted by GNATS.

From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: Colin Percival <cperciva@freebsd.org>
Cc: bug-followup@FreeBSD.org, FreeBSD Security Team <secteam@freebsd.org>
Subject: Re: bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555
Date: Sun, 8 Nov 2009 10:00:49 +0300

 Colin, good day.
 
 Sat, Nov 07, 2009 at 04:22:08PM -0800, Colin Percival wrote:
 > Given that this is a rather obscure issue (not many people use client
 > certificates)
 
 Not many?  How do you define "many" and what makes you believe that
 client certificates are not in wide use for authentication?
 
 Moreover, the issue doesn't lie solely in the clients that use
 certificates -- a MITM can prefix the data with the chosen text
 even when the client uses no certificates: the talk about per-directory
 authentication was about the case when the server initiates renegotiation.
 But the client (MITM) can equally initiate the renegotiation and the initial
 HelloRequest from the real client can be used for this.  See "Scenario:
 Client-initiated renegotiation" from the original paper at
   http://extendedsubset.com/Renegotiating_TLS.pdf
 
 > I'd like to wait until there is more consensus about how this should
 > be fixed -- it may be that the conclusion will be that the approach
 > taken by the OpenSSL team, of disabling renegotiation, is not the
 > right solution.
 
 The general answer is also known: there should be some cryptographic
 binding between renegotiated session chunks.  The TLS WG is trying to
 figure out how to do this in the least harmful way.  See, for example,
   https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
 and the thread on tls@ietf.org
   http://www.ietf.org/mail-archive/web/tls/current/msg03963.html
 -- 
 Eygene
  _                ___       _.--.   #
  \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
  /  ' `         ,       __.--'      #  to read the on-line manual
  )/' _/     \   `-_,   /            #  while single-stepping the kernel.
  `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
      _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
     {_.-``-'         {_/            #
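
The "cryptographic binding between renegotiated session chunks" mentioned in the message above can be modelled as follows. This is an added example, not part of the original e-mail and not OpenSSL or IETF draft code. It is a simplified model: the `Endpoint` class, the function names and the transcripts are hypothetical, and `verify_data` is only a stand-in for the TLS Finished computation.

```python
import hashlib
import hmac
import os


def verify_data(master_secret: bytes, transcript: bytes) -> bytes:
    """Stand-in for a TLS Finished value: keyed hash over the handshake transcript."""
    digest = hashlib.sha256(transcript).digest()
    return hmac.new(master_secret, b"client finished" + digest, hashlib.sha256).digest()[:12]


class Endpoint:
    """Remembers the client Finished value of the last handshake on one connection."""

    def __init__(self) -> None:
        self.prev_verify = b""  # empty: no handshake completed yet

    def complete_handshake(self, vd: bytes) -> None:
        self.prev_verify = vd


def server_accepts_hello(server: Endpoint, hello_binding: bytes) -> bool:
    """Accept a ClientHello only if its binding matches the server's own record."""
    return hmac.compare_digest(server.prev_verify, hello_binding)


def honest_renegotiation() -> bool:
    # Both sides saw the same first handshake, so both hold the same value.
    client, server = Endpoint(), Endpoint()
    vd = verify_data(os.urandom(48), b"constructed transcript A")
    client.complete_handshake(vd)
    server.complete_handshake(vd)
    return server_accepts_hello(server, client.prev_verify)


def spliced_renegotiation() -> bool:
    # The server already completed a handshake with the man in the middle ...
    server = Endpoint()
    server.complete_handshake(verify_data(os.urandom(48), b"constructed transcript B"))
    # ... while the real client believes this is its first handshake.
    real_client = Endpoint()
    return server_accepts_hello(server, real_client.prev_verify)


if __name__ == "__main__":
    print("honest renegotiation accepted:", honest_renegotiation())
    print("spliced renegotiation accepted:", spliced_renegotiation())
```

Without the binding check, the server has no way to tell the two cases apart, which is why the data sent before the renegotiation can be attributed to the wrong party.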


