Re: [TLS] Record layer corner cases

On Mon, 27 Nov 2006 19:10:42 -0700
"Kyle Hamilton" <aerowolf at gmail.com> wrote:

> On 11/27/06, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> 
> > I don't handle it at all; if my code sees OOB data in the middle of
> > a TLS stream it flags it as a network-level error (my security
> > model is default-deny).  I've never seen OOB data used and can't
> > imagine why it'd ever be used except as a potential attack vector
> > targeting corner cases in TLS implementations.
> 
> Evidently you've never used SIGURG, nor seen urgent data sent (that
> which causes TCP PSH headers to be generated in BSD-type stacks).  I'd
> like to see the discussions from when TCP was designed as to what it
> was designed to be used for -- it would seem to be for metadata
> involving the connection.  (This is akin to the TLS record protocol
> being used to request a rehandshake, since the TLS implementation
> consumes those records.)
> 
First, that's not what causes the push bit to be set.  PSH is set when
there's nothing pending to be written.  More precisely, it's set to
zero when a packet is sent and the stack knows that there's nothing
else about to be sent.  Here's the comment and code in NetBSD's
tcp_output.c:

                /*
                 * If we're sending everything we've got, set PUSH.
                 * (This will keep happy those implementations which only
                 * give data to the user when a buffer fills or
                 * a PUSH comes in.)
                 */
                if (off + len == so->so_snd.sb_cc)
                        flags |= TH_PUSH;

Second, and more important, it was intended to be sent when the user had
hit BREAK on their ASR-35 Teletypes or ATTN on their IBM 2741s -- see
RFC 764.  It was part of the "flush all buffers until the urgent
pointer" mechanism; TCP Urgent is ill-suited to anything else, since
(as is noted in the RFC) multiple urgent pointers pending at the same
time are coalesced.

The only other place I can recall seeing it used was for window size
change notifications in rlogin.  Rlogin did not make suitable provision
(more accurately, did not make any useful provision) for any sort of
connection metadata; the implementors of later versions fell back on
TCP Urgent when it became important to do *something*.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
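A defender-side illustration of the default-deny handling of urgent data that Gutmann describes above, added here and not code from either poster or from NetBSD: a record reader that calls sockatmark() before every recv() and aborts with a network-level error instead of reading across the urgent mark, plus a loopback self-check using constructed traffic. It assumes Linux/glibc (sockatmark(), MSG_OOB, TCP_NODELAY) and leaves SO_OOBINLINE at its default of off.

```c
#define _GNU_SOURCE            /* declares sockatmark() and usleep() on glibc */
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum { RD_OK = 0, RD_EOF = 1, RD_OOB = -1, RD_ERR = -2, RD_NOSOCK = -3 };
/* Read exactly `want` in-band bytes without reading across the urgent mark.
 * With SO_OOBINLINE off the kernel keeps the urgent byte out of the stream and
 * sockatmark() reports when the next byte is the mark; treat that as fatal. */
static int read_inband(int fd, unsigned char *buf, size_t want, size_t *got)
{
    *got = 0;
    while (*got < want) {
        int atmark = sockatmark(fd);
        if (atmark < 0) return RD_ERR;
        if (atmark) return RD_OOB;                  /* default-deny: stop here */
        ssize_t n = recv(fd, buf + *got, want - *got, 0);
        if (n < 0) { if (errno == EINTR) continue; return RD_ERR; }
        if (n == 0) return RD_EOF;
        *got += (size_t)n;
    }
    return RD_OK;
}

/* Self-check over loopback TCP (constructed traffic): the peer sends five
 * in-band bytes, one urgent byte, then five more. Returns the result of the
 * second read (expected RD_OOB); RD_NOSOCK means loopback was unavailable. */
int demo_oob_detection(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t alen = sizeof a;
    int one = 1, cl, sv, rc, ls = socket(AF_INET, SOCK_STREAM, 0);
    unsigned char buf[8]; size_t got;
    if (ls < 0 || bind(ls, (struct sockaddr *)&a, alen) || listen(ls, 1) ||
        getsockname(ls, (struct sockaddr *)&a, &alen)) return RD_NOSOCK;
    cl = socket(AF_INET, SOCK_STREAM, 0);
    if (cl < 0 || connect(cl, (struct sockaddr *)&a, alen) ||
        (sv = accept(ls, NULL, NULL)) < 0) return RD_NOSOCK;
    setsockopt(cl, IPPROTO_TCP, TCP_NODELAY, &one, sizeof one);
    send(cl, "hello", 5, 0);
    send(cl, "!", 1, MSG_OOB);                      /* the out-of-band byte */
    send(cl, "world", 5, 0);
    usleep(50000);                                  /* let delivery settle */
    rc = read_inband(sv, buf, 5, &got);             /* "hello" reads normally */
    if (rc == RD_OK && got == 5 && memcmp(buf, "hello", 5) == 0)
        rc = read_inband(sv, buf, 5, &got);         /* next byte is the mark */
    close(cl); close(sv); close(ls); return rc;
}
```

The second read returns RD_OOB without consuming "world": the urgent byte is never silently skipped over, so the caller can tear the connection down as a network-level error.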

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.