Here are some attacks that don't seem to be covered (maybe because these aren't relevant):
- Not properly checking certificates. (E.g. the "The Most Dangerous Code in the World"-paper)

  Either completely omitting certificate validation, or using it in a completely insecure way (not checking hostnames, not checking for proper anchors, etc...) Sadly common in various non-browser applications (bad programming), extremely common with SMTP (due to not being able to properly apply PKI).

- Relying on broken channel binding

  Channel-binding with TLS-EXPORTER or TLS-UNIQUE is broken (issues are closely related to THS). The proposed THS fix would fix this issue if using (EC)DHE.

- Triple Handshake

  The THS itself.

Regarding DTLS, DTLS 1.0 should behave like TLS 1.1 w.r.t. attacks, except that RC4 attacks aren't applicable because the whole algorithm is disallowed.

-Ilari
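Added example, not part of the original message: a small audit of a Python `ssl.SSLContext` for the three certificate-checking gaps named in the first item (no chain validation, no hostname check, no trust anchors). The function names and finding labels are hypothetical, and the contexts are constructed locally without any network connection.

```python
import ssl

def audit_client_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the certificate-validation gaps present in a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-chain-validation")
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    # Only meaningful when the chain is validated at all. cert_store_stats()
    # counts certificates already loaded in memory; a capath directory is read
    # lazily, so a zero here can be a false positive on capath-only systems.
    if (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.cert_store_stats()["x509_ca"] == 0):
        findings.append("no-trust-anchors")
    return findings

def validation_disabled() -> ssl.SSLContext:
    """Constructed weak case: validation omitted completely."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hostname_unchecked() -> ssl.SSLContext:
    """Constructed weak case: chain required, but any name is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    return ctx

def hardened() -> ssl.SSLContext:
    """Library defaults: CERT_REQUIRED, hostname check, system trust anchors."""
    return ssl.create_default_context()

if __name__ == "__main__":
    for build in (validation_disabled, hostname_unchecked, hardened):
        print(f"{build.__name__}: {audit_client_context(build()) or 'ok'}")
```

For the SMTP case the message mentions, the context from `hardened()` can be passed to `smtplib.SMTP.starttls(context=...)`.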
