Re: [TLS] Record layer corner cases
On 11/27/06, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> I don't handle it at all; if my code sees OOB data in the middle of a TLS
> stream it flags it as a network-level error (my security model is
> default-deny). I've never seen OOB data used and can't imagine why it'd ever
> be used except as a potential attack vector targeting corner cases in TLS
> implementations.
Evidently you've never used SIGURG, nor seen urgent data sent (that
which causes TCP PSH headers to be generated in BSD-type stacks). I'd
like to see the discussions from when TCP was designed as to what it
was designed to be used for -- it would seem to be for metadata
involving the connection. (This is akin to the TLS record protocol
being used to request a rehandshake, since the TLS implementation
consumes those records.)
I would think that such a concept could be useful in modification of
the trust parameters associated with the data stream (specifically,
notification of revocation or expiration of trust parameters would be
a good reason for it).
-Kyle H
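As an added example (not code from this thread, nor from any implementation discussed in it), the following Python shows the default-deny behaviour Peter describes: a TLS record reader that refuses to continue while TCP urgent (OOB) data is pending on the socket. It assumes the platform reports pending urgent data through select()'s exceptional set (POLLPRI), as Linux and the BSDs do, and it drives itself over a loopback TCP connection with a constructed application-data record; the record bytes, the injected urgent byte and all function names are mine.

```python
"""Default-deny handling of TCP urgent (out-of-band) data under a TLS record reader.

Added example for the list thread above, not code from it. Runs offline over a
loopback TCP connection; the "TLS record" bytes are constructed here.
"""
import select
import socket
import struct

TLS_HEADER_LEN = 5  # content type (1) + protocol version (2) + length (2)


class UrgentDataError(Exception):
    """Raised when TCP urgent data is pending on a socket carrying TLS."""


def recv_exact(sock, n, timeout=2.0):
    """Read exactly n bytes, refusing to proceed while urgent data is pending.

    select() reports pending TCP urgent data in its exceptional set (POLLPRI).
    Checking it before every recv() means an OOB byte anywhere in the stream
    aborts the read as a network-level error instead of being quietly absorbed.
    """
    buf = bytearray()
    while len(buf) < n:
        readable, _, exceptional = select.select([sock], [], [sock], timeout)
        if exceptional:
            raise UrgentDataError("TCP urgent data on a TLS connection")
        if not readable:
            raise TimeoutError("no data within timeout")
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return bytes(buf)


def read_tls_record(sock):
    """Read one TLS record (header + body) with default-deny on OOB data."""
    header = recv_exact(sock, TLS_HEADER_LEN)
    content_type, version, length = struct.unpack("!BHH", header)
    body = recv_exact(sock, length)
    return content_type, version, body


def make_record(content_type, body, version=0x0303):
    """Build a plaintext TLS record; 0x0303 is the TLS 1.2 record version."""
    return struct.pack("!BHH", content_type, version, len(body)) + body


def loopback_pair():
    """Return connected (client, server) TCP sockets on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    client = socket.create_connection(listener.getsockname())
    server, _ = listener.accept()
    listener.close()
    return client, server


def exchange(inject_oob):
    """Send one constructed application-data record (content type 0x17),
    optionally with an urgent byte injected mid-record, and report how the
    default-deny reader handles it."""
    client, server = loopback_pair()
    try:
        record = make_record(0x17, b"hello record layer")  # constructed sample
        client.sendall(record[:3])
        if inject_oob:
            client.send(b"!", socket.MSG_OOB)  # urgent byte in the middle of the record
        client.sendall(record[3:])
        try:
            content_type, version, body = read_tls_record(server)
        except UrgentDataError as err:
            return ("rejected", str(err))
        return ("ok", content_type, version, body)
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    print(exchange(inject_oob=False))  # ('ok', 23, 771, b'hello record layer')
    print(exchange(inject_oob=True))   # ('rejected', 'TCP urgent data on a TLS connection')
```

The check sits in front of every recv() rather than only at connection start because the urgent byte can arrive at any point in the stream; TCP keeps the urgent indication set until it is consumed with MSG_OOB, so the reader observes it no later than the in-band bytes that follow it. A reader that wanted to honour urgent data instead would read it with recv(..., MSG_OOB) and decide what it means, which is the question Kyle raises.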
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.