
Re: [XHR] chunked requests

From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 18 Dec 2011 04:12:57 -0800
Message-ID: <CABcZeBP-q4X3jjx9QH6k_Purkz5KPeobG700w=vZT6YBfCj98A@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: public-webapps@w3.org
On Sat, Dec 17, 2011 at 6:11 AM, Anne van Kesteren <annevk@opera.com> wrote:
> On Fri, 09 Dec 2011 19:54:31 +0100, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>> Unfortunately, many servers do not support TLS 1.1, and to make matters
>> worse, they do so in a way that is not securely verifiable. By which I
>> mean that an active attacker can force a client/server pair both of which
>> support TLS 1.1 down to TLS 1.0. This may be detectable in some way, but not
>> by TLS's built-in mechanisms. And since the threat model here is an active
>> attacker, this is a problem.
>
>
> It seems user agents are addressing this issue in general by simply removing
> support for those servers so we might not have to define anything here and
> just leave it to the TLS standards:
>
> http://my.opera.com/securitygroup/blog/2011/12/11/opera-11-60-and-new-problems-with-some-secure-servers

Sorry, I forgot to mention the 1/n+1 splitting countermeasure in my response.

With that said, this isn't TLS 1.1, but rather a specific, more backwards-compatible
countermeasure. It's fine for the security considerations section to say here
that browsers must do either TLS 1.1 or 1/n+1 splitting, but it should say
something, since it's not like 1/n+1 splitting is required by TLS (any version).

-Ekr
Received on Sunday, 18 December 2011 12:14:09 GMT
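The record-splitting countermeasure Eric refers to (usually written 1/n-1 splitting) defends TLS 1.0's CBC record layer, where each record's IV is the previous record's last ciphertext block, against an attacker who can both watch the ciphertext and inject chosen plaintext. The simulation below is an added example, not code from this thread or from any browser or TLS stack: it models a TLS 1.0-style sender, runs the chosen-boundary attack against it with and without splitting, and shows that the same attacker recovers a secret byte-by-byte in the first case and gets nowhere in the second. The block cipher is an HMAC-based Feistel stand-in for AES so that the example needs only the standard library; the keys, the chaining IV, the truncated MAC and the 4-byte secret are all constructed for the demonstration.

```python
import hashlib
import hmac
import os

BLOCK = 16


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, block):
    """8-round Feistel permutation on 16-byte blocks, keyed through HMAC-SHA256.
    Stand-in for AES (assumption) so the example runs with the standard library;
    the attack needs only that this is a deterministic keyed permutation."""
    left, right = block[:8], block[8:]
    for rnd in range(8):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right


class Tls10Sender:
    """TLS 1.0-style CBC record writer: MAC, pad, encrypt, and the last ciphertext
    block of each record becomes the IV of the next record (implicit IV chaining).
    Fresh random keys per instance; the MAC is truncated to 16 bytes for brevity."""

    def __init__(self, split_records):
        self.enc_key = os.urandom(16)
        self.mac_key = os.urandom(16)
        self.chain_iv = os.urandom(BLOCK)  # stands in for the IV from the key block
        self.split_records = split_records

    def _record(self, data):
        tag = hmac.new(self.mac_key, data, hashlib.sha256).digest()[:BLOCK]
        body = data + tag
        n = BLOCK - len(body) % BLOCK
        body += bytes([n - 1]) * n  # TLS padding: n bytes, each of value n-1
        out, prev = b"", self.chain_iv
        for i in range(0, len(body), BLOCK):
            prev = block_encrypt(self.enc_key, _xor(body[i:i + BLOCK], prev))
            out += prev
        self.chain_iv = prev  # the next record chains off this block
        return out

    def send(self, data):
        """Records put on the wire for one application-layer write."""
        if self.split_records and len(data) > 1:
            # 1/n-1 splitting: a one-byte record goes first. Its first plaintext
            # block is one data byte plus 15 bytes of MAC the attacker cannot
            # control, and its last ciphertext block (the IV for the remaining
            # n-1 bytes) is unknown until it has been sent, so the attacker can no
            # longer pick a plaintext block against an IV it already knows.
            return [self._record(data[:1]), self._record(data[1:])]
        return [self._record(data)]


def recover_secret(split_records, secret, n_bytes):
    """Chosen-boundary attacker: can make the victim write attacker-chosen bytes
    followed by `secret` on the connection and sees all ciphertext, hence also the
    chaining IV (it is just the previous record's last block). Returns the
    recovered bytes, or None when no guess ever matches."""
    sender = Tls10Sender(split_records)
    sender.send(b"warm-up")  # after this the chaining IV is public
    recovered = b""
    for i in range(n_bytes):
        prefix = b"A" * (BLOCK - 1 - i)  # leaves exactly one unknown byte in block 0
        iv_target = sender.chain_iv  # observed: last ciphertext block so far
        target = sender.send(prefix + secret)[0][:BLOCK]
        found = None
        for g in range(256):
            guess_block = prefix + recovered + bytes([g])
            iv_now = sender.chain_iv  # observed again: IV the next block will use
            # E_k(iv_now ^ probe) == E_k(iv_target ^ guess_block) == target iff g is right
            probe = _xor(_xor(guess_block, iv_target), iv_now)
            records = sender.send(probe + secret)
            if any(rec[:BLOCK] == target for rec in records):
                found = g
                break
        if found is None:
            return None
        recovered += bytes([found])
    return recovered


if __name__ == "__main__":
    # Constructed sample secret: recovered without splitting, not with it.
    print("TLS 1.0, no countermeasure:   ", recover_secret(False, b"s3cr", 4))
    print("TLS 1.0 with 1/n-1 splitting: ", recover_secret(True, b"s3cr", 4))
```

The attacker's check works only because it knows the IV before it chooses the plaintext; TLS 1.1 removes that by giving every record an explicit random IV, and splitting removes it by making the one block the attacker could have aimed at contain 15 bytes of MAC and by feeding an unpredictable IV into the block that carries the rest of the data. Either closes the attack, which is why the email argues the security considerations should name one or the other rather than assume a TLS version implies it.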
