Is there an attack based on the TLS Heartbeat, and if so, should it be included?
I see references on the TLS list that 'Heartbeat is dead' without any further explanation, and I assume that that is because it enables an attack. At the same time, there are application protocols that lack a heartbeat protocol and the TLS Heartbeat has been mooted as a solution, so if it does enable an attack, then that is worth recording. Tom Petch ----- Original Message ----- From: "Leif Johansson" <[email protected]> To: <[email protected]> Sent: Monday, August 18, 2014 8:55 AM > > This starts a 2 week working group last call on > draft-ietf-uta-tls-attacks-02. Please send any final comments on the > list by 1/9. > > Leif & Orit > > _______________________________________________ > Uta mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/uta > _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
