
Re: [TLS] Comments on TLS identity protection



badra wrote:
> 
> > To get widespread deployment, several TLS implementations would 
> > have to be updated, e.g. Microsoft Schannel, OpenSSL, Mozilla NSS, 
> > JSSE, GnuTLS, etc. Getting any change, no matter how "minimal", 
> > to them is not easy.
> >   
> 
> I don't see the point here. Any TLS feature will require updating TLS 
> implementations.

The point is that by using renegotiation (= double handshake)
to protect the client identity, no code changes are necessary;
this should already work with most of the installed base,
even with many/most pure SSLv3 client implementations.

-Martin

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls