Re: [TLS] Heartbleed / protocol complexity
"Manger, James" <James.H.Manger@team.telstra.com> Thu, 10 April 2014 02:26 UTC
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2985D1A03AF for <tls@ietfa.amsl.com>; Wed, 9 Apr 2014 19:26:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.297
X-Spam-Level: **
X-Spam-Status: No, score=2.297 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, J_CHICKENPOX_38=0.6, RCVD_IN_DNSWL_NONE=-0.0001, RELAY_IS_203=0.994] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3fls0LRWjuR6 for <tls@ietfa.amsl.com>; Wed, 9 Apr 2014 19:26:02 -0700 (PDT)
Received: from ipxbno.tcif.telstra.com.au (ipxbno.tcif.telstra.com.au [203.35.82.204]) by ietfa.amsl.com (Postfix) with ESMTP id 822161A03B8 for <tls@ietf.org>; Wed, 9 Apr 2014 19:26:02 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.97,830,1389704400"; d="scan'208";a="3268849"
Received: from unknown (HELO ipcbni.tcif.telstra.com.au) ([10.97.216.204]) by ipobni.tcif.telstra.com.au with ESMTP; 10 Apr 2014 12:19:19 +1000
X-IronPort-AV: E=McAfee;i="5400,1158,7403"; a="214260598"
Received: from wsmsg3754.srv.dir.telstra.com ([172.49.40.198]) by ipcbni.tcif.telstra.com.au with ESMTP; 10 Apr 2014 12:25:44 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3754.srv.dir.telstra.com ([172.49.40.198]) with mapi; Thu, 10 Apr 2014 12:25:43 +1000
From: "Manger, James" <James.H.Manger@team.telstra.com>
To: Nico Williams <nico@cryptonector.com>
Date: Thu, 10 Apr 2014 12:25:42 +1000
Thread-Topic: [TLS] Heartbleed / protocol complexity
Thread-Index: Ac9UQl/PfL3OoE2wRGm5pklbpR6BswAHOZsQ
Message-ID: <255B9BB34FB7D647A506DC292726F6E11544D90367@WSMSG3153V.srv.dir.telstra.com>
References: <20140409232505.0d6e02b8@hboeck.de> <CAK3OfOju4PB_T+W4ECkLjs0bERFmxs+xQGX=8JMDwArvo0st_Q@mail.gmail.com>
In-Reply-To: <CAK3OfOju4PB_T+W4ECkLjs0bERFmxs+xQGX=8JMDwArvo0st_Q@mail.gmail.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/sCA1PM0R-f8THGDTflZq6A1NB30
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Heartbleed / protocol complexity
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Apr 2014 02:26:04 -0000
> Standard IDL + standard encoding + tooling == this type of problem
> mostly goes away and it's easier to test and fuzz test unit
> components.
>
> TLS has an ad-hoc IDL and encoding, and it IIUC doesn't adhere to its
> own conventions tightly enough that we could now standardize a
> compatible IDL+encoding and develop tooling for it.
>
> To all who have ever poo-poo'ed ASN.1 and friends I now say: you've
> definitevly lost the argument. If you don't like one IDL, use
> another, or develop a new a new one.
I agree Nico.
The heartbeat message involved in this bug is specified in RFC6520 "TLS and DTLS Heartbeat extension" as:
struct {
HeartbeatMessageType type;
uint16 payload_length;
opaque payload[HeartbeatMessage.payload_length];
opaque padding[padding_length];
} HeartbeatMessage;
I think the exact same bytes on the wire would be achieved with the following alternative.
struct {
HeartbeatMessageType type;
opaque payload<0..2^16-1>;
opaque padding[padding_length];
} HeartbeatMessage;
Explicitly indicating a variable-length field with <0..2^16-1> means the a value starts with a length.
I wonder is this change would have made a difference? Do most implementations support variable-length fields automatically with some lower-layer bounds checks? Or do most implementations leave this to heartbeat-specific code?
--
James Manger
- [TLS] Heartbleed / protocol complexity Hanno Böck
- Re: [TLS] Heartbleed / protocol complexity Martin Thomson
- Re: [TLS] Heartbleed / protocol complexity Nico Williams
- Re: [TLS] Heartbleed / protocol complexity Salz, Rich
- Re: [TLS] Heartbleed / protocol complexity Geoffrey Keating
- Re: [TLS] Heartbleed / protocol complexity Nico Williams
- Re: [TLS] Heartbleed / protocol complexity Nico Williams
- Re: [TLS] Heartbleed / protocol complexity Salz, Rich
- Re: [TLS] Heartbleed / protocol complexity Watson Ladd
- Re: [TLS] Heartbleed / protocol complexity Manger, James
- Re: [TLS] Heartbleed / protocol complexity Nikos Mavrogiannopoulos
- Re: [TLS] Heartbleed / protocol complexity Hannes Tschofenig
- Re: [TLS] Heartbleed / protocol complexity Dan Brown
- Re: [TLS] Heartbleed / protocol complexity Watson Ladd
- Re: [TLS] Heartbleed / protocol complexity Hanno Böck
- Re: [TLS] Heartbleed / protocol complexity Martin Rex
- Re: [TLS] Heartbleed / protocol complexity Nico Williams
- Re: [TLS] Heartbleed / protocol complexity Patrick Pelletier
- Re: [TLS] Heartbleed / protocol complexity Bill Frantz