Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72528
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 72458 invoked from network); 12 Feb 2014 21:42:30 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 12 Feb 2014 21:42:30 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.50 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.215.50 mail-la0-f50.google.com  
Received: from [209.85.215.50] ([209.85.215.50:44645] helo=mail-la0-f50.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 98/79-19387-4CAEBF25 for <internals@lists.php.net>; Wed, 12 Feb 2014 16:42:29 -0500
Received: by mail-la0-f50.google.com with SMTP id ec20so7688088lab.9
        for <internals@lists.php.net>; Wed, 12 Feb 2014 13:42:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type;
        bh=mYewlkiJhE/zvL+j0K79I7oRF/sKXXnswOPxcvubnKI=;
        b=Claq6TJe/ygOiwdUE9mOTpTU5gOfcIFfVn1WZSAZuKih3IGwYksntOuByHOUqrcYeD
         oire47L9ATxYblobjokK8mRI/zCyKC9Wm0w8x8d/7No6p5mlziXYpehegijN2TFZMp+j
         0ZcgyCGYXVZbHAGmBTQaEjdmZRsilsK8fx9tsmVEv5UbdUH/PtB3TaIRyyxuFI+bjW7D
         f2cgcdaXFa616WOiL6snrVSjvivp3yGjcysrgusELMwdb/QrpUKADanO4m/dSRl+zRH0
         Nkv3dTQH9w9tiQZ7w+7wg7o6KXm3pBFhI35Vn5J6pxMheEGzJ0UPo6WtX5ig3cvhGovr
         XRgA==
X-Received: by 10.152.242.131 with SMTP id wq3mr33433790lac.12.1392241345698;
 Wed, 12 Feb 2014 13:42:25 -0800 (PST)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.112.199.37 with HTTP; Wed, 12 Feb 2014 13:41:43 -0800 (PST)
In-Reply-To: <CALwr1G=D0fFO0-6xXyxdS1GyT+gkhG-uhOuGf81NuQGV11pvXQ@mail.gmail.com>
References: <CAH8MpnnjTyp=cPBk2BpYF8Rs0x-4kCXw2yWO2pxDuSiiwQ=xDA@mail.gmail.com>
 <CALwr1G=D0fFO0-6xXyxdS1GyT+gkhG-uhOuGf81NuQGV11pvXQ@mail.gmail.com>
Date: Thu, 13 Feb 2014 06:41:43 +0900
X-Google-Sender-Auth: 1ZufV37TyRJ-i2Ruf7gqU0cRygU
Message-ID: <CAGa2bXZ=kymcBAiaBt6CHpjmV-tcyEsbTe1pokHP9pRphoALwQ@mail.gmail.com>
To: =?UTF-8?Q?P=C3=A1draic_Brady?= <padraic.brady@gmail.com>
Cc: Daniel Lowrey <rdlowrey@gmail.com>, "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a11336ba0da20d004f23c727d
Subject: Re: [PHP-DEV] Future TLS roadmap
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--001a11336ba0da20d004f23c727d
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi all,

On Wed, Feb 12, 2014 at 10:39 PM, P=C3=A1draic Brady <padraic.brady@gmail.c=
om>wrote:

> On 12 February 2014 13:22, Daniel Lowrey <rdlowrey@gmail.com> wrote:
> > FYI, these are things I plan to work on for the post-5.6 timeframe:
> >
> > - Support for SNI in *servers* (currently only supported by clients)
> > - Support for DTLS (datagram client/server encryption)
> > - Mitigating the client-initiated renegotiation DoS vector in TLS serve=
rs
> >
> > Most TLS changes could probably pass as "security fixes" and may be
> > feasible for 5.6 bugfix releases. The alternative is obviously to put
> them
> > in master and wait for 5.7. In any case we can cross that bridge when w=
e
> > get there.
>
> I'd support the renegotiation DOS vector as a current bugfix - it's
> been documented for what, 2 years now since a POC was published?


I'm getting used to delayed security fixes...
+1 for fix it ASAP.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--001a11336ba0da20d004f23c727d--