> On 03/28/2012 03:07 PM, Yoav Nir wrote:
>>> Approximately half the world's webservers were vulnerable to a
>>> man-in-the-middle attack, sometimes quite severe.
>> Half? Which half wasn't?
>> Sure, the amount of damage an attacker could do varied: the firewall
>> that I could power down or disable the security policy from would
>> count as a lot of damage, plus any case where money could be stolen,
>> while servers where the attack was not exploitable (because maybe
>> they used randomized ephemeral paths) would count as little damage,
>> but where there actual servers where you could not inject a prefix?
> MS IIS tended to not be vulnerable much of the time because it didn't
> accept client-initiated renegotiation. But it was still vulnerable when
> configured with client certs or certain other checkboxes were set.
> There are probably still other devices around where renegotiation was
> simply not implemented. A lot of https hosts serve nothing but static
> content to the public anyway and would likely not be 'vulnerable' in the
> strict sense.
> So in my head I combined IIS's less-than-half market share with a guess
> about a smaller percentage of other devices and web apps that were (by
> accident) not effectively vulnerable to come up with the ballpark figure
> We could certainly come up with a better number, but why would we need it?
OK. Didn't know that about IIS. I did find that some servers implemented with an old Java library didn't support renegotiation at all, but IIS is a surprise.
TLS mailing list