[Ach] Idea: catching old clients with sni

Aaron Zauner azet at azet.org
Tue Nov 12 23:26:38 CET 2013


I think this is far beyond the scope of this project and paper. Coming up:
language security. [0]

We should keep this to what the paper states: "Applied Crypto Hardening".
Not: How to get rid of annoying technologies and change the web for the
better.


Aaron (Again; on the road - no GPG - no signature :( )

[0] - http://www.youtube.com/watch?v=AqZNebWoqnc
     - http://www.cs.dartmouth.edu/~sergey/langsec/


On Tue, Nov 12, 2013 at 11:18 PM, Adi Kriegisch <adi at kriegisch.at> wrote:

> Hi!
>
> > On 12.11.2013, at 16:51, Adi Kriegisch <adi at kriegisch.at> wrote:
> > > I think this could be a hint for site operators still caring for users of
> > > very old browsers. What do you think? Is this worth a hint in our paper?
> > Site operators could even disable login forms or other means where users
> > submit data in an unsecure way on that fallback host to protect users while
> > suggesting an incentive to upgrade their browsers. (Or to bug the IT
> > department to do so.)
> Absolutely. But these changes require modifications on application level
> and this is not feasible in many situations. (or worse: introduce
> different weaknesses).
>
> -- Adi
>