The ITEF Network Working Group has already begun drafting a new extension to TLS: Renegotiation Indication. https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotia... -- Marcus Griep bb NN:N1N:N9N1 WW*.ON?B4, 3B0 On Thu, Nov 5, 2009 at 2:10 PM, Marcus Griep <tormaster@xpdm.us> wrote:

Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:

"TLS Man-in-the-middle on renegotiation vulnerability made public" http://isc.sans.org/diary.html?storyid=7534 -- Marcus Griep bb NN:N1N:N9N1 WW*.ON?B4, 3B0

----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE