Re: [TLS] Record layer corner cases
Peter Williams wrote:
>
> Out of interest Peter and Martin, how well do your software and hardware
> modules handle the following change from SSL v2 to SSL v3, including
> fallback handling as specified by SSL3, and then the TLS fallback
> mechanisms?
>
> "SSL Version 3 supports the transmission and reception of "out of band
> data". Out of band data is normally defined at the TCP/IP protocol level,
> but because of SSL's privacy enhancements and support for block ciphers,
> this becomes difficult to support.

That might be an issue for a generic SSL/TLS toolkit and/or a vendor
implementor thereof. My employer sells applications and includes
an OEM sslv3 implementation which is used almost exclusively for HTTPS.
I'm not aware that HTTPS specifies a usage of TCP OOB data--and the
document that comes closest to a spec for HTTPS (rfc2818) does not
seem to contain the words "urgent", "out of band" and "OOB".

It might be useful to check whether OOB data has any negative unexpected
side-effects (aka vulnerabilities) besides causing the communication
channel to be closed.

-Martin