"New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites"

1 view
Skip to first unread message

Mark S. Miller

unread,
Jun 14, 2021, 1:41:36 PMJun 14
to cap-talk, fr...@googlegroups.com

Tony Arcieri

unread,
Jun 15, 2021, 10:24:03 AMJun 15
to cap-...@googlegroups.com, fr...@googlegroups.com
It's ultimately making the case for things like ALPN and SNI.

Although there's much simpler "doctor it hurts when I..." mitigations: don't reuse keys (and also don't use FTPS, but especially don't reuse keys for HTTPS and FTPS)

--
Tony Arcieri
Reply all
Reply to author
Forward
0 new messages