- From: Anne van Kesteren <annevk@opera.com>
- Date: Sat, 17 Dec 2011 15:11:45 +0100
- To: public-webapps@w3.org
- Cc: "Eric Rescorla" <ekr@rtfm.com>
On Fri, 09 Dec 2011 19:54:31 +0100, Eric Rescorla <ekr@rtfm.com> wrote: > Unfortunately, many servers do not support TLS 1.1, and to make matters > worse, they do so in a way that is not securely verifiable. By which I > mean that an active attacker can force a client/server pair both of > which support TLS 1.1 down to TLS 1.0. This may be detectable in some > way, but not > by TLS's built-in mechanisms. And since the threat model here is an > active attacker, this is a problem. It seems user agents are addressing this issue in general by simply removing support for those servers so we might not have to define anything here and just leave it to the TLS standards: http://my.opera.com/securitygroup/blog/2011/12/11/opera-11-60-and-new-problems-with-some-secure-servers -- Anne van Kesteren http://annevankesteren.nl/
Received on Saturday, 17 December 2011 14:12:26 UTC