IETF Logo Mail Archive

Re: [TLS] Comments on

Bill Frantz <frantz@pwpconsult.com> Tue, 18 February 2014 21:49 UTC

Return-Path: <frantz@pwpconsult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BBC11A03F0 for <tls@ietfa.amsl.com>; Tue, 18 Feb 2014 13:49:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.6
X-Spam-Level:
X-Spam-Status: No, score=-1.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zI5OJXj9n57Z for <tls@ietfa.amsl.com>; Tue, 18 Feb 2014 13:49:43 -0800 (PST)
Received: from elasmtp-spurfowl.atl.sa.earthlink.net (elasmtp-spurfowl.atl.sa.earthlink.net [209.86.89.66]) by ietfa.amsl.com (Postfix) with ESMTP id D50F21A02B9 for <tls@ietf.org>; Tue, 18 Feb 2014 13:49:42 -0800 (PST)
Received: from [174.234.1.147] (helo=Williams-MacBook-Pro.local) by elasmtp-spurfowl.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <frantz@pwpconsult.com>) id 1WFsXp-0001iD-O1; Tue, 18 Feb 2014 16:49:38 -0500
Date: Tue, 18 Feb 2014 13:49:36 -0800
From: Bill Frantz <frantz@pwpconsult.com>
To: Niels Möller <nisse@lysator.liu.se>
X-Priority: 3
In-Reply-To: <nnlhx8inp2.fsf@bacon.lysator.liu.se>
Message-ID: <r422Ps-1075i-CC741CAE2962452A87F7B88E5F7DC563@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.3.1 (422)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec790745ea710b67ac215d0b58704dc93b67350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 174.234.1.147
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/Z405R0uMOzKgER1qLsaN5anCHzU
Cc: Adam Langley <agl@imperialviolet.org>, tls@ietf.org
Subject: Re: [TLS] Comments on
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Feb 2014 21:49:44 -0000

On 2/18/14 at 4:56 AM, nisse@lysator.liu.se (Niels Möller) wrote:

>Bill Frantz <frantz@pwpconsult.com> writes:
>
>>However, it is a situation that any application that is reading files
>>needs to be prepared to handle. Disk errors and all that...
>
>I think there's a difference between on one hand, truncation due to
>random failures of your own, reasonably trusted, hardware. And on the
>other hand, truncation caused the enemy attacking the communication
>channel for some evil purpose.

 From the point of view of an application, there isn't much 
difference. In both cases, it receives notification from the 
infrastructure that the read couldn't complete because an error occurred.

System managers certainly want to know if they are under attack, 
but even just knowing that there was a MAC verification failure 
is not solidly definitive. There could have been an undetected 
failure in the transmission which only showed up because of the 
MAC failure -- since the MAC is a stronger check than the checks 
in TCP/IP. IF I were that manager, one failure -- be on high 
alert for attackers. Two failures -- try to located the 
attackers and deal with them. :-)


>If we really want to make progress with this discussion, I guess we must
>also distinguish between file types where appending data doesn't change
>the meaning of earlier data (e.g, a typical log file), and file types
>where appending data can change the meaning radically (e.g., consider a
>document format where you can add data at the end of the file which adds
>a mark "this document is fake" on top of every page when the file is
>displayed or printed).

I see no need to make such a distinction at our level. We will 
give the application an error that says we couldn't give it all 
the data. How it handles the error is not our problem. Handling 
this error like any other "couldn't read the rest of the file" 
error seems right in all cases.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        | Re: Computer reliability, performance, and security:
408-356-8506       | The guy who *is* wearing a parachute is 
*not* the
www.pwpconsult.com | first to reach the ground.  - Terence Kelly

v2.23.0 | Report a Bug | By Email