[pro] Heartbleed?
Pascal J. Bourguignon
pjb at informatimago.com
Thu Apr 24 17:11:34 UTC 2014
Max Rottenkolber <max at mr.gy> writes:
> On Thu, 24 Apr 2014 18:13:35 +0200, Pascal J. Bourguignon wrote:
>
>> a dead process sending fixed or previsible packets
>
> I didn't think of that. So basically you ensure the responding connection
> isn't compromised by exercising the encryption, which is the hardest to
> fake for a malicious attacker. Makes sense... Shame on me! :)
>
> What about a fixed length input though (and maybe answering with a
> digest)? It still seems to me that the specified behavior is overly
> arbitrary/error prone.
The introduction of the protocol says:
The Heartbeat Extension provides a new protocol for TLS/DTLS allowing
the usage of keep-alive functionality without performing a
renegotiation and a basis for path MTU (PMTU) discovery for DTLS.
So the variable size of the packet is used for this later feature,
discovery of path MTU or PMTU.
--
__Pascal Bourguignon__
http://www.informatimago.com/
"Le mercure monte ? C'est le moment d'acheter !"
More information about the pro
mailing list