[TLS] DTLS record layer processing
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[TLS] DTLS record layer processing
Dear all,
when DTLS receives a packet is has to do input validation on
the version number and the length given in the record header
and the actual length of the UDP packet.
When should this be done and what should be the action taken
when the checks fail?
There is an implementation out, which considers a version
mismatch or a length given in the record layer which is
larger than allowed by the protocol a fatal error.
This might be OK for TLS, but I think is inacceptable for
DTLS. An attacker only needs to guess the UDP port numbers
and IP addresses and can craft a UDP packet with an illegal
record length field and the DTLS connection is gone.
Also
http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc4347-bis-02.txt
states
In general, DTLS implementations SHOULD silently discard data with
bad MACs. If a DTLS implementation chooses to generate an alert
when
it receives a message with an invalid MAC, it MUST generate a
bad_record_mac alert with level fatal and terminate its connection
state.
If I understand things correctly, this means that as an attacker
I need only to send a UDP packet with a wrong MAC to perform
a DOS attack.
Am I wrong? Any suggestions?
Best regards
Michael
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
