On Dec 2, 2009, at 9:04 AM, Chris Newman wrote: > > This the most time-sensitive and security-critical IETF draft with respect > to impact on the Internet community that I have seen in 17 years of IETF > participation. This is the part I disagree with. New extensions to protocols will take years to deploy. There's no getting around this. SSL/TLS servers that do not depend on renegotiation can disable renegotiations entirely. They can do this NOW. SSL/TLS servers that rely on renegotiation only for the upgrade-to-mutual feature for web servers can disable client-initiated renegotiations, and tweak their web applications so that the prefix injection doesn't matter. The can do this NOW. (We did) The only real case of using renegotiation that I've heard about was identity protection, where the client connects anonymously first, and then presents the certificate during the (encrypted) renegotiation. This is probably very rare, and accounts for a fraction or a percent of SSL use. So I don't think we should sit on our thumbs or even wait until the next face-to-face meeting, but whatever the RFC says, it will take years to deploy on the general Internet. We should hurry, but we shouldn't rush into things. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf