New attack against TLS

The TLS workgroup in the IETF (Internet Engineering Task Force) is currently heavily engaged in finding a quick solution to the just recently discovered and published attack against TLS using TLS renegotiaion.

The basis of this attack is that TLS allows each party to re-negotiate crypto and authentication at any time. Many current uses of TLS establish a relatively weak and unauthenticated TLS session initially which then is renegotiated to the level of adequate cryptographic strength and authentication once the server is aware of the client request for service. If the man-in-the middle is the one establishing the initial week security context, the attacker may inject a request which causes the server to raise the level of security through renegotiation. After completed re-negotiation with the real client, the server will however use the original request from the attacker in the security context of the renegotiated channel, thinking the request came from the newly authenticated client.

A good description of the attack is provided here: http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

More information is provided here: Renegotiating_TLS.pdf and Renegotiating_TLS_pd.pdf.

The TLS group in the IETF will discuss a resolution of this attack today (November 12). The slides of the presentation is available here: Renegotiation Vulnerability (PDF).
The current proposed resolution is outlined in the following new draft: http://tools.ietf.org/html/draft-rescorla-tls-renegotiation-00