From: hiro <23hiro@gmail.com>
Date: Sun, 22 Jan 2023 17:10:37 +0100
To: 9front@9front.org
Subject: Re: [9front] [PATCH] libsec: add minimal support for the tls renegotiation extension

> But that doesn't mean the other side (e.g. OpenSSL) knows we
> won't initiate a renegotiation.

there are many things the other side doesn't know. why does it need to
care about that?

> there's no way to know a renegotiation will be
> secure if it happens.

again, there's no way to know a renegotiation will happen in the first
place, whether it would theoretically be secure is another issue.

> The connection could be under attack.

yes, else we would all be saving our time and use straight plaintext
over tcp.

> Does that make sense?

your explanation of their secondary reasoning is good. the original
assumptions that led to this extension are still invalid.