On 03/28/2012 03:39 AM, Mohamad Badra wrote:
>
> Weren't it possible to avoid using SCSV in rfc5746?
It would definitely have slowed deployment of the security fix.
> What are the
> requirements to justify exceptional cases there but not here?
Approximately half the world's webservers were vulnerable to a
man-in-the-middle attack, sometimes quite severe.
I invite you to review the full discussion in the list archives starting
about here:
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html- Marsh
_______________________________________________
TLS mailing list
TLS@...
https://www.ietf.org/mailman/listinfo/tls
