Re: [TLS] Record layer corner cases

Bodo Moeller <bmoeller@acm.org> Tue, 28 November 2006 12:22 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gp1yK-0002Zw-OR; Tue, 28 Nov 2006 07:22:00 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gp1yI-0002Wd-SE for tls@ietf.org; Tue, 28 Nov 2006 07:21:58 -0500
Received: from moutng.kundenserver.de ([212.227.126.187]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gp1xt-0004Hn-Az for tls@ietf.org; Tue, 28 Nov 2006 07:21:34 -0500
Received: from [134.147.40.251] (helo=tau.invalid) by mrelayeu.kundenserver.de (node=mrelayeu0) with ESMTP (Nemesis), id 0MKwh2-1Gp1xl42Ep-0001KK; Tue, 28 Nov 2006 13:21:27 +0100
Received: by tau.invalid (Postfix, from userid 1000) id 6A2004D93; Tue, 28 Nov 2006 13:21:25 +0100 (CET)
Date: Tue, 28 Nov 2006 13:21:25 +0100
From: Bodo Moeller <bmoeller@acm.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Subject: Re: [TLS] Record layer corner cases
Message-ID: <20061128122125.GC11403@tau.invalid>
References: <BAY103-W82F5B536679C37B4BA72F92E60@phx.gbl> <E1GosGt-000398-00@medusa01.cs.auckland.ac.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <E1GosGt-000398-00@medusa01.cs.auckland.ac.nz>
User-Agent: Mutt/1.5.9i
X-Provags-ID: kundenserver.de abuse@kundenserver.de login:2100a517a32aea841b51dac1f7c5a318
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

On Tue, Nov 28, 2006 at 03:00:31PM +1300, Peter Gutmann wrote:
> Peter Williams <home_pw@msn.com> writes:

>> Out of interest Peter and Martin, how well do your software and hardward
>> modules handle the following change from SSL v2 to SSL v3, including fallback
>> handling as specified by SSL3, and then the TLS fallback mechanisms?
>> 
>> "SSL Version 3 supports the transmission and reception of "out of band data".
>> Out of band data is normally defined at the TCP/IP protocol level, but
>> because of SSL's privacy enhancements and support for block ciphers, this
>> becomes difficult to support.

> I don't handle it at all, if my code sees OOB data in the middle of a TLS
> stream it flags it as a network-level error (my security model is default-
> deny).  I've never seen OOB data used and can't imagine why it'd ever be used
> except as a potential attack vector targetting corner cases in TLS
> implementations.

The above quote is from the SSL patent, which does mention
"SSL Version 3" -- but it's not really about what we know as SSL 3.0,
it only describes the SSL 2 protocol design.  The patent says that
"currently there are several versions of the novel SSL", and there the
"novel SSL" is what we know as SSL 2 and variants thereof.  What
eventually was fielded as SSL 3.0 is, of course, a very different
protocol.

The SSL 2 protocol design provides for a "security escape" flag in
record headers ("reserved for future versions of the protocol"),
which would be used to tag out-of-band data.  That and now TCP-leve
out-of-band data is what the above patent text is talking about.
(As noted there, handling TCP out-of-band data would be difficult
within SSL.)

Bodo


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls