On Thu, 1 May 2014 13:26:48 +0200 "Stephen Henson via RT" <r...@openssl.org> wrote:
> Ironically it was added as a workaround for another bug. The padding > extension was believed to have no side effects... obviously that > isn't true :-( Maybe this should teach us a lesson: Adding more and more Workarounds for broken stuff isn't the way to go forward. The way to go forward is to fix broken stuff. (we have another pretty simliar example - browsers implemented out-of-protocol downgrades to "fix" broken implementations just to notice that they introduced downgrade attacks and accidental downgrades - now there's a proposal for a downgrade protection extension that only tries to fix a problem we wouldn't have in the first place if people didn't introduce stupid workarounds for broken stuff) -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42
signature.asc
Description: PGP signature