IETF Logo Mail Archive

Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04

Peter Deacon <peterd@iea-software.com> Thu, 04 April 2013 18:20 UTC

Return-Path: <peterd@iea-software.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12AE821F958A for <radext@ietfa.amsl.com>; Thu, 4 Apr 2013 11:20:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wT9Q3-UBoiC0 for <radext@ietfa.amsl.com>; Thu, 4 Apr 2013 11:20:06 -0700 (PDT)
Received: from aspen.internal.iea-software.com (remote.iea-software.com [70.89.142.196]) by ietfa.amsl.com (Postfix) with ESMTP id 5AFC421F8D1C for <radext@ietf.org>; Thu, 4 Apr 2013 11:20:06 -0700 (PDT)
Received: from SMURF (unverified [10.0.3.195]) by aspen.internal.iea-software.com (Rockliffe SMTPRA 7.0.6) with ESMTP id <B0005878135@aspen.internal.iea-software.com>; Thu, 4 Apr 2013 11:20:05 -0700
Date: Thu, 04 Apr 2013 11:20:00 -0700
From: Peter Deacon <peterd@iea-software.com>
To: Jim Schaad <ietf@augustcellars.com>
In-Reply-To: <011601ce3157$103d4650$30b7d2f0$@augustcellars.com>
Message-ID: <alpine.WNT.2.00.1304041014300.3988@SMURF>
References: <1A5FDF7C-9E93-447E-A103-9700349CB2F5@gmail.com> <alpine.WNT.2.00.1304021450180.3988@SMURF> <515C3604.3040406@deployingradius.com> <tslzjxffzay.fsf@mit.edu> <011601ce3157$103d4650$30b7d2f0$@augustcellars.com>
User-Agent: Alpine 2.00 (WNT 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: 'Sam Hartman' <hartmans@painless-security.com>, radext@ietf.org, radext-chairs@tools.ietf.org, 'Alan DeKok' <aland@deployingradius.com>
Subject: Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2013 18:20:07 -0000

On Thu, 4 Apr 2013, Jim Schaad wrote:

> While I understand your preference, it does mean that there cannot be a 
> max 4K buffer in a server that supports both DTLS and non-DTLS clients 
> in the UDP processing code.  The UDP processing code does not know if 
> this is a DTLS or a non-DTLS message and thus you can end up in a 
> situation where a 4K buffer is received in the UDP processing code and 
> passed directly to the non-DTLS processing and have a potential buffer 
> overflow.  Using a maximum buffer size on the wire does prevent that 
> problem.

Currently you still need to cross check UDP message length with RADIUS 
packet length fields and apply maximum limits before processing anything. 
Not sure how this would be a problem unless an implementation was already 
insecure.

Nothing prevents use of compression within DTLS to create an inner RADIUS 
packet exceeding 4k so these checks are still necessary regardless of where 
they are handed off.

I don't see anything inherently more dangerous in the design of protocol 
with inner packet limits maintained.  I don't see new validation 
requirements that didn't already exist before.

regards,
Peter

v2.36.0 | Report a Bug | By Email | System Status