Re: FreeBSD Security Advisory FreeBSD-SA-09:15.ssl
"Barry Raveendran Greene" <bgreene@senki.org> writes:
> You will have to wait on the TLS Working Group in the IETF to finish
> if your application needs renegotiation.
The correct anser is:
You will have to perform a threat assessment to determine how likely a
MITM attack is, how serious the consequences would be, whether the
product of these two factors is sufficiently low to justify continued
operation with a flawed protocol, and, should you decide to go on, what
measures can be put in place to mitigate the consequences of an attack.
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 15 之 20 篇):