Hi Tom, The text I suggested is a bit vague. I like your replacement text.

Joe

> > 8.1 DTLS Renegotiation
> >
> > TLS and DTLS renegotiation may be vulnerable to attacks described in RFC
> > 5746. Although RFC 5746 provides a fix for some of the issues,
> > renegotiation can still cause problems for applications since connection
> > security parameters can change without the application knowing it.
> > Therefore it is RECOMMENDED that renegotiation be disabled for syslog
> > over DTLS. If, for some reason, renegotiation is allowed then the
> > specification in RFC 5746 MUST be followed and the implementation MUST
> > make sure that the connection security parameters do not change during
> > renegotiation.
>
> I think that the last sentence goes too far and should be more like
>
> " If renegotiation is allowed then the
> specification in RFC 5746 MUST be followed and the implementation MUST
> make sure that the connection still has adequate security and that any
> identities extracted from client and server certificates do not change
> during renegotiation.
>
> Well, a bit clumsy, but I would like to be specific on those two issues. They
> are nothing to do with the problem that RFC5746 addresses but the work leading
> up to RFC5746 did show that these are related issues with renegotiation.
>
> Tom Petch
>
> > _______________________________________________
> > Syslog mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/syslog
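As an added illustration (not code from the syslog list thread, from RFC 5746, or from any IETF draft), the following Python models the policy a syslog-over-DTLS implementation could apply after a renegotiation, covering both the draft's RECOMMENDED default (renegotiation disabled) and the two conditions in Tom's proposed wording: the connection still has adequate security, and the identities extracted from the client and server certificates have not changed. The `ConnectionState` and `PeerIdentity` records, their field names, the policy thresholds and the sample hostnames are all assumptions constructed for this example; a real implementation would populate the records from its (D)TLS library after the initial handshake and again after each renegotiation.

```python
from dataclasses import dataclass, replace
from typing import FrozenSet, Tuple


@dataclass(frozen=True)
class PeerIdentity:
    """Identities an application extracts from a peer certificate
    (subject CN plus subjectAltName entries); assumed representation."""
    subject_cn: str
    subject_alt_names: FrozenSet[str]


@dataclass(frozen=True)
class ConnectionState:
    """Snapshot of the (D)TLS connection as seen by the syslog application.
    The caller fills it in after the initial handshake and again after any
    renegotiation. Field names are assumptions for this example."""
    protocol: str               # e.g. "DTLSv1.2"
    cipher: str                 # e.g. "ECDHE-RSA-AES128-GCM-SHA256"
    key_bits: int               # symmetric key length in bits
    secure_renegotiation: bool  # RFC 5746 renegotiation_info negotiated
    client: PeerIdentity
    server: PeerIdentity


# Illustrative policy thresholds (assumptions, not taken from the draft).
ALLOWED_PROTOCOLS = frozenset({"DTLSv1.2"})
MIN_KEY_BITS = 128
WEAK_CIPHER_MARKERS = ("NULL", "EXPORT", "RC4", "DES", "MD5", "ANON")


def adequate_security(state: ConnectionState) -> bool:
    """Condition (1): the connection still has adequate security."""
    if state.protocol not in ALLOWED_PROTOCOLS:
        return False
    if state.key_bits < MIN_KEY_BITS:
        return False
    upper = state.cipher.upper()
    return not any(marker in upper for marker in WEAK_CIPHER_MARKERS)


def identities_unchanged(before: ConnectionState, after: ConnectionState) -> bool:
    """Condition (2): identities extracted from the client and server
    certificates are the same before and after renegotiation."""
    return before.client == after.client and before.server == after.server


def evaluate_renegotiation(before: ConnectionState, after: ConnectionState,
                           allow_renegotiation: bool = False) -> Tuple[bool, str]:
    """Decide whether the application keeps using the connection after a
    renegotiation. Returns (keep_connection, reason). The default follows
    the draft's RECOMMENDED behaviour: renegotiation is disabled, so any
    renegotiation is a reason to drop the connection."""
    if not allow_renegotiation:
        return False, "renegotiation disabled by policy"
    if not after.secure_renegotiation:
        return False, "RFC 5746 secure renegotiation not in use"
    if not adequate_security(after):
        return False, "post-renegotiation security parameters inadequate"
    if not identities_unchanged(before, after):
        return False, "peer identity changed during renegotiation"
    return True, "renegotiation accepted"


# Constructed sample states: a syslog relay (client) talking to a collector (server).
_COLLECTOR = PeerIdentity("collector.example.net",
                          frozenset({"collector.example.net", "syslog.example.net"}))
_RELAY = PeerIdentity("relay01.example.net", frozenset({"relay01.example.net"}))
INITIAL = ConnectionState("DTLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", 128, True,
                          client=_RELAY, server=_COLLECTOR)


def demo() -> dict:
    """Run the check over five constructed renegotiation outcomes."""
    same = replace(INITIAL)
    downgraded = replace(INITIAL, cipher="RC4-SHA", key_bits=128)
    other_server = replace(INITIAL, server=PeerIdentity("other.example.org",
                                                        frozenset({"other.example.org"})))
    no_5746 = replace(INITIAL, secure_renegotiation=False)
    return {
        "default_policy": evaluate_renegotiation(INITIAL, same),
        "unchanged": evaluate_renegotiation(INITIAL, same, allow_renegotiation=True),
        "downgraded_cipher": evaluate_renegotiation(INITIAL, downgraded, True),
        "server_identity_changed": evaluate_renegotiation(INITIAL, other_server, True),
        "no_rfc5746": evaluate_renegotiation(INITIAL, no_5746, True),
    }


if __name__ == "__main__":
    for name, (keep, reason) in demo().items():
        print(f"{name:24s} keep={keep!s:5s} {reason}")
```

The check compares extracted identities rather than certificate fingerprints, matching Tom's wording: a re-issued certificate carrying the same names is not treated as an identity change, whereas a different peer presenting an otherwise acceptable certificate is.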
