On 08/01/2014 01:52 AM, Ryan Sleevi wrote:
> On Thu, July 31, 2014 4:31 pm, Ondrej Mikle wrote:
>> This is interesting. I checked TLS 1.2 RFC 5246 whether Finished message
>> should work this way, but I'm not sure. I think you mean that
>> "Hash(handshake_messages)" should detect this, right? But it's still just
>> hash, thus again not authenticated and malleable by a MitM attacker.

[...]

> Different clients do this differently - some don't validate certificates
> until after the Finished message (most notably, SChannel didn't for some
> time under some cases. Likewise, Chrome validates after the Finished
> message for non-False Start, and before the Finished message but ALSO
> before any app data is sent for the False-Start).

[...]

> I agree whole-heartedly with Brian that AIA chasing is one of those
> "workarounds for the Internet" that makes everything harder to work with
> and less predictable, impinges performance, and largely should be
> unnecessary for the issues that NSS is concerned about.

Thanks for the insight on clients' side validation implementation. I also
agree that AIA chasing makes things less predictable.

Ondrej
_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

