Steve Dispensa <[email protected]> writes:

> On 11/10/09 7:22 AM, "Tomas Hoger" <[email protected]> wrote:
>>> I think we now have some evidence to suggest GnuTLS needn't do anything
>>> about this. It seems any use of rehandshake with GnuTLS is
>>> application-specific and then the answer is probably to fix that
>>> application instead of GnuTLS.
>>
>> Is that meant as "no change needed" or "no urgent temporary hotfix
>> needed"? Is the implementation of the proposed extension still the
>> long-term plan, so that apps needing rehandshakes can do them safely?
>
> [sorry if I'm late to the game; we had a baby a few days ago and I'm sadly
> behind on e-mail and most other things.]
Congratulations! Perfect timing.. ;)

> I agree with Tomas. When I wrote up the patch, I noticed that there were a
> few impediments to doing renegotiation at all in the way things are
> currently implemented (unless I misunderstood, which is always quite
> possible). Still, at some point, someone is going to really need the feature
> (or decide that the implementation is incomplete without perfect support for
> it), and once that happens, the bug will magically appear unless the TLS
> extension is supported.
>
> There's also a good reason to support the extension from an interop
> standpoint - servers will want to detect patched clients in the (near?)
> future, so sending the extension along will be helpful.

Definitely. Given a patch (and copyright assignment) for this, we could add
it to the experimental branch today, and once the IANA has allocated a code
point it could even be backported into the stable branch. But that would be
completely unrelated to fixing any short-term security problem.

/Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
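Added example, not GnuTLS code and not part of the thread above: what "servers detecting patched clients" means at the wire level. A server reads the ClientHello and looks for the secure-renegotiation signal; a client that sends neither form is unpatched. The extension type 0xff01 (renegotiation_info) and the signalling cipher suite 0x00ff (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) are the values IANA later assigned in RFC 5746; the thread predates that allocation, so they are assumptions taken from the RFC, not from the page. The RFC also requires that on an initial handshake the extension carry a single zero byte, so the check rejects any other contents rather than merely noting the extension's presence. The ClientHello bytes are constructed in the block itself.

```python
"""
Wire-level check for the RFC 5746 secure-renegotiation signal in a ClientHello.

Added example for the help-gnutls thread; it is not GnuTLS code. The two
constants are the values IANA later assigned in RFC 5746 (assumption: taken
from the RFC, not from the thread, which predates the allocation).
"""
import struct

RENEGOTIATION_INFO_EXT = 0xFF01  # extension type "renegotiation_info" (RFC 5746)
RENEGOTIATION_SCSV = 0x00FF      # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)


def _u16(buf, pos):
    """Read a big-endian uint16 at pos, raising ValueError on truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated ClientHello")
    return struct.unpack("!H", buf[pos:pos + 2])[0]


def build_client_hello(cipher_suites, extensions=()):
    """Construct a minimal TLS 1.2 ClientHello handshake message (no record
    header). cipher_suites: 16-bit suite codes; extensions: (type, data)
    pairs. The random field is all zero: this is constructed test input."""
    body = b"\x03\x03" + b"\x00" * 32 + b"\x00"  # version, random, empty session_id
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"  # one compression method: null
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    # HandshakeType client_hello(1) followed by a 24-bit length
    return b"\x01" + struct.pack("!I", len(body))[1:] + body


def parse_client_hello(msg):
    """Return (cipher_suites, {ext_type: ext_data}) for a ClientHello handshake
    message. Raises ValueError if it is not a ClientHello or any length field
    runs past the end of the data."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32  # skip client_version and random
    if pos >= len(body):
        raise ValueError("truncated ClientHello")
    pos += 1 + body[pos]  # skip session_id
    cs_len = _u16(body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [_u16(body, i) for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    if pos >= len(body):
        raise ValueError("truncated ClientHello")
    pos += 1 + body[pos]  # skip compression_methods
    exts = {}
    if pos < len(body):  # the extensions block is optional
        ext_len = _u16(body, pos)
        pos += 2
        end = pos + ext_len
        if end != len(body):
            raise ValueError("bad extensions length")
        while pos < end:
            etype = _u16(body, pos)
            elen = _u16(body, pos + 2)
            pos += 4
            if pos + elen > end:
                raise ValueError("truncated extension")
            exts[etype] = body[pos:pos + elen]
            pos += elen
    return suites, exts


def renegotiation_signal(msg):
    """Classify how a ClientHello signals RFC 5746 support on an initial
    handshake: 'extension', 'scsv', or None for an unpatched client. A
    renegotiation_info whose data is not a single zero byte is a protocol
    violation on an initial handshake and is rejected with ValueError."""
    suites, exts = parse_client_hello(msg)
    if RENEGOTIATION_INFO_EXT in exts:
        if exts[RENEGOTIATION_INFO_EXT] != b"\x00":
            raise ValueError("renegotiation_info must be empty on initial handshake")
        return "extension"
    if RENEGOTIATION_SCSV in suites:
        return "scsv"
    return None


if __name__ == "__main__":
    # Constructed samples; 0x002f is TLS_RSA_WITH_AES_128_CBC_SHA.
    samples = {
        "patched": build_client_hello([0x002F], [(RENEGOTIATION_INFO_EXT, b"\x00")]),
        "scsv":    build_client_hello([0x002F, RENEGOTIATION_SCSV]),
        "legacy":  build_client_hello([0x002F]),
    }
    for name, hello in samples.items():
        print(name, renegotiation_signal(hello))
```

The SCSV form exists because some deployed servers rejected any ClientHello carrying extensions; a client may send the signalling suite instead, and a server has to accept either form as evidence of a patched peer. Rejecting a non-empty renegotiation_info on the initial handshake matters because the extension's contents are what later binds a renegotiation to the existing connection.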
