Re: [TLS] Short notes on TLS RFCs ...

"Christian Huitema" <huitema@huitema.net> Sat, 21 June 2014 04:30 UTC

From: Christian Huitema <huitema@huitema.net>
To: 'Robert Ransom' <rransom.8774@gmail.com>, 'Michael Tuexen' <Michael.Tuexen@lurchi.franken.de>
Date: Fri, 20 Jun 2014 21:29:59 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/7EuffoY7woZ7yXcyAjt6lmeQwT0
Cc: tls@ietf.org
Subject: Re: [TLS] Short notes on TLS RFCs ...

>> No... You send a large packet (mostly containing padding) and get
>> back a small one (mostly containing the reflected payload)...
>
> ‘Heartbleed’ allowed a party to send a small packet and receive a large reply.

The coding error in OpenSSL allowed for that. The specification, on the other hand, specified that the reflected payload could not be larger than the incoming message. If the code had actually implemented the spec, there would be no bug.

-- Christian Huitema
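
Added example, not part of the original message and not OpenSSL's code: a minimal heartbeat responder that enforces the length rule discussed above, so the reflected payload can never exceed what was actually received. The function name, buffer handling and sample bytes are assumptions made for illustration; the field layout (1-byte type, 2-byte payload_length, payload, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PAD  16  /* RFC 6520 requires at least 16 bytes of padding */

/* Hypothetical helper: builds the response for the heartbeat request in
 * rec[0..rec_len), where rec_len is the number of bytes actually received.
 * Returns the response length, or 0 when the request must be discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The spec's rule: the claimed payload must fit in what was received. */
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD)
        return 0;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed); /* echo payload only */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);  /* real stacks use random padding */
    return resp_len;
}

int main(void)
{
    /* Constructed sample: 4-byte payload "ping" followed by 100 bytes of padding. */
    uint8_t req[107] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t out[128];
    printf("honest request, 107 bytes in: %zu bytes out\n",
           hb_build_response(req, sizeof req, out, sizeof out));
    req[1] = 0x40; /* now claim 16384 bytes of payload in the same 107-byte message */
    printf("oversized claim: %zu bytes out (discarded)\n",
           hb_build_response(req, sizeof req, out, sizeof out));
    return 0;
}
```

The first call matches the behaviour quoted at the top of the message (large padded request, small reply); the second is dropped because the claimed length exceeds the bytes received.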