On Fri, Sep 05, 2014 at 12:54:45AM +0200, Benoît Canet wrote:
> The Friday 05 Sep 2014 at 00:07:04 (+0200), Wouter Verhelst wrote:
> > On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
> > > Prenegotiating TLS looks like we will accidentally introduce some security hole.
>
> I was thinking of the fallback to cleartext case.
> As a regular developer I am afraid of doing something creative with
> cryptography.

STARTTLS-like schemes is not being "creative with cryptography", it's an
accepted way of doing things. Yes, there are pitfalls, but those always
exist; that doesn't mean you should fall into the trap of remaking the
errors HTTP made with HTTPS. It's taken years for HTTPS to be able to
deal with the fact that you couldn't have multiple HTTPS sites on the
same IP; I don't want to go there.

"fallback to cleartext" is a problem, but it should not be too hard to
have crypto be enabled by way of a tri-state variable ("disabled",
"available if client wants it", "required").
--
<Lo-lan-do> Home is where you have to wash the dishes.
-- #debian-devel, Freenode, 2004-09-22
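
The tri-state described in the message above ("disabled", "available if client wants it", "required"), sketched as an added example that is not part of the original e-mail or of any NBD code. The enum and function names are hypothetical, the TLS handshake is reduced to a flag, and rejecting a repeated STARTTLS is an assumed design choice.

```c
#include <stddef.h>

/* Hypothetical names throughout; not taken from any NBD implementation. */
enum tls_mode { TLS_DISABLED, TLS_OPTIONAL, TLS_REQUIRED };
enum opt      { OPT_STARTTLS, OPT_EXPORT };      /* client requests */
enum verdict  { SERVE_CLEARTEXT, SERVE_TLS, REJECT };

/*
 * Server side: walk the client's option requests in order and decide
 * how the session ends. tls_up is only ever set by an accepted
 * STARTTLS, so no path leads from TLS_REQUIRED to SERVE_CLEARTEXT.
 */
enum verdict negotiate(enum tls_mode mode, const enum opt *req, size_t n)
{
    int tls_up = 0;

    for (size_t i = 0; i < n; i++) {
        switch (req[i]) {
        case OPT_STARTTLS:
            if (mode == TLS_DISABLED)
                break;              /* option refused; client decides */
            if (tls_up)
                return REJECT;      /* assumed: no second STARTTLS */
            tls_up = 1;             /* real code runs the handshake here */
            break;
        case OPT_EXPORT:
            if (mode == TLS_REQUIRED && !tls_up)
                return REJECT;      /* refuse rather than fall back */
            return tls_up ? SERVE_TLS : SERVE_CLEARTEXT;
        }
    }
    return REJECT;                  /* client never asked for an export */
}

/*
 * Client side of the same tri-state: may the client go on in cleartext
 * after STARTTLS was refused or never offered? Only TLS_REQUIRED makes
 * the client abort, so only that setting rules out the fallback.
 */
int client_may_continue_cleartext(enum tls_mode client_mode)
{
    return client_mode != TLS_REQUIRED;
}
```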