| |||||||||||||
TLS renegotiation vulnerabilityTLS renegotiation vulnerabilityPosted Nov 23, 2009 8:26 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)In reply to: TLS renegotiation vulnerability by foom Parent article: TLS renegotiation vulnerability
Unfortunately, I've worked with it. And that's why I'm quite sure: wherever ASN.1 goes, destruction and pain follows. Examples: LDAP, SNMP, SSL/TLS, Kerberos.
To be fair, XML canonicalization rules are designed for arbitrary XML. It's possible to simplify them by using a subset of XML. For example, by restricting entities, CDATA and namespace use.
In any case, less complex formats like JSON can be used instead of XML.
(Log in to post comments)
TLS renegotiation vulnerability Posted Nov 23, 2009 13:50 UTC (Mon) by quotemstr (subscriber, #45331) [Link] wherever ASN.1 goes, destruction and pain follows. Examples: LDAP, SNMP, SSL/TLS, Kerberos.You have an interesting definition of "destruction and pain". These protocols are used all over the place and are successful by any measure.
TLS renegotiation vulnerability Posted Nov 23, 2009 15:49 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]
Do you know how to make a simple request with LDAP? Can you write a simple LDAP Ping using plain sockets?
I can easily do this for HTTP/FTP/SMTP even IMAP. I don't even want to contemplate this for SSL/TLS.
That's the problem, it's impossible to create a simple client for SSL.
|
|||||||||||||