Tuesday Tweet Thread is a "Today in Infosec" one. It's 10 years since @marshray published one of my favorite TLS/SSL issues, and the best named. The Pizza Attack! Read about it in EKR's blog post from the time: http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html … ...
-
-
TLS1.3 has also cleaned a lot of house, and no longer supports renegotiations at all. This is good because being able to arbitrarily change contexts at the transport layer is way too confusing for applications.
Show this thread -
The attack also informed the design of other security protocols. At AWS, our signed request protocols like SIGv4 are explicitly designed to prevent issues like this from creating security issues.
Show this thread -
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.


