syslog@ietf.org, 11 March 2010, 3:37AM -0500

Re: [Syslog] DTLS renegotiation
by tom.petch

---- Original Message -----
From: "Joseph Salowey (jsalowey)" <jsalowey@cisc...>
To: <syslog@ietf...>
Sent: Sunday, March 07, 2010 11:29 PM
Subject: [Syslog] DTLS renegotiation


> Richard pointed out that we should cover issues with DTLS renegotiation.
> Recently, as you may have been aware, there have been vulnerabilities
> discovered with TLS renegotiation.   In general, DTLS tends to be less
> vulnerable to the attacks described, but there still can be issues.
> During renegotiation new parameters can be renegotiated for the
> connection and, with most libraries, the application does not know that
> a change occurred.  In general I think it would be best to avoid
> renegotiation, however this means that in the case of extremely long
> lived connections the connection will need to be broken and started
> again at some point.
>
> Below is the text I suggest adding to the security considerations of the
> document.
>
>
> 8.1 DTLS Renegotiation
>
> TLS and DTLS renegotiation may be vulnerable to attacks described in RFC
> 5746.  Although RFC 5746 provides a fix for some of the issues,
> renegotiation can still cause problems for applications since connection
> security parameters can change without the application knowing it.
> Therefore it is RECOMMENDED that renegotiation be disabled for syslog
> over DTLS.   If, for some reason, renegotiation is allowed then the
> specification in RFC 5746 MUST be followed and the implementation MUST
> make sure that the connection security parameters do not change during
> renegotiation.

I think that the last sentence goes too far and should be more like

"If renegotiation is allowed then the specification in RFC 5746 MUST be
followed and the implementation MUST make sure that the connection still
has adequate security and that any identities extracted from the client
and server certificates do not change during renegotiation."

Well, a bit clumsy, but I would like to be specific on those two issues.  They
are nothing to do with the problem that RFC5746 addresses but the work leading
up to RFC5746 did show that these are related issues with renegotiation.

Tom Petch


> _______________________________________________
> Syslog mailing list
> Syslog@ietf...
> https://www.ietf.org/mailman/listinfo/syslog

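The two conditions Tom asks for in his alternative wording (the connection must still have adequate security, and the identities taken from the client and server certificates must not change) can be expressed as a policy check that an implementation runs whenever a renegotiation completes. The code below is an added example written for this page; it is not code from the thread, from the syslog-over-DTLS draft or from any TLS library. The handshake-parameter records, the policy thresholds, the version ordering and the sample certificate identities are all constructed for illustration.

```python
"""Policy check for a DTLS renegotiation on a syslog transport (added example).

Captures the two checks proposed in the thread: after a renegotiation the
connection must still have adequate security, and the identities extracted
from the client and server certificates must be unchanged.  It also keeps
the RECOMMENDED default (renegotiation disabled) and the RFC 5746
requirement.  Record layout, thresholds and sample values are constructed
for this example and are not taken from any library or specification.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PeerIdentity:
    # Identity extracted from a certificate: subject DN plus subjectAltName
    # entries.  alt_names is a frozenset so ordering in the cert is ignored.
    subject: str
    alt_names: frozenset = frozenset()


@dataclass
class HandshakeParams:
    version: str                        # e.g. "DTLS1.2" (assumed label)
    cipher: str                         # suite name as the library reports it
    key_bits: int                       # symmetric key size of that suite
    secure_reneg: bool                  # RFC 5746 renegotiation_info seen
    client_id: Optional[PeerIdentity]   # None when the client sent no cert
    server_id: PeerIdentity


@dataclass
class Policy:
    allow_renegotiation: bool = False   # RECOMMENDED setting: off
    min_key_bits: int = 128             # assumed "adequate security" floor
    min_version: str = "DTLS1.2"
    banned_cipher_words: tuple = ("NULL", "EXPORT", "ADH", "AECDH", "RC4")


# Assumed ordering of protocol versions for the downgrade check.
VERSION_RANK = {"DTLS1.0": 0, "DTLS1.2": 1}


def cipher_ok(params: HandshakeParams, policy: Policy) -> bool:
    """True if the negotiated suite is not banned and meets the key-size floor."""
    name = params.cipher.upper()
    if any(word in name for word in policy.banned_cipher_words):
        return False
    return params.key_bits >= policy.min_key_bits


def check_renegotiation(before: HandshakeParams, after: HandshakeParams,
                        policy: Policy) -> list:
    """Return the reasons the renegotiated connection must be torn down.

    An empty list means the renegotiation is acceptable under `policy`.
    `before` is the state established by the original handshake, `after`
    the state after the renegotiation completed.
    """
    problems = []
    if not policy.allow_renegotiation:
        # Default case: any renegotiation at all is a policy violation.
        problems.append("renegotiation disabled by policy")
        return problems
    if not after.secure_reneg:
        problems.append("RFC 5746 renegotiation_info missing")
    if VERSION_RANK[after.version] < VERSION_RANK[policy.min_version]:
        problems.append(f"version downgraded to {after.version}")
    if not cipher_ok(after, policy):
        problems.append(f"cipher {after.cipher} below policy")
    # Identity checks: both ends must present the same identity as before.
    if after.server_id != before.server_id:
        problems.append("server identity changed")
    if after.client_id != before.client_id:
        problems.append("client identity changed")
    return problems


def example() -> tuple:
    """Constructed sample: the server stays the same but the renegotiation
    swaps in a different client certificate.  Evaluated under the default
    policy (renegotiation off) and under a policy that allows it."""
    srv = PeerIdentity("CN=collector.example.net",
                       frozenset({"collector.example.net"}))
    cli_a = PeerIdentity("CN=host-a.example.net",
                         frozenset({"host-a.example.net"}))
    cli_b = PeerIdentity("CN=host-b.example.net",
                         frozenset({"host-b.example.net"}))
    suite = "ECDHE-RSA-AES128-GCM-SHA256"
    initial = HandshakeParams("DTLS1.2", suite, 128, True, cli_a, srv)
    renegotiated = HandshakeParams("DTLS1.2", suite, 128, True, cli_b, srv)
    strict = Policy()
    lenient = Policy(allow_renegotiation=True)
    return (check_renegotiation(initial, renegotiated, strict),
            check_renegotiation(initial, renegotiated, lenient))


if __name__ == "__main__":
    for verdict in example():
        print("drop connection:" if verdict else "ok", verdict)
```

With OpenSSL's DTLS API the strict policy corresponds to setting SSL_OP_NO_RENEGOTIATION on the context; if renegotiation is left enabled, a comparison like the one above would be run from the info callback when SSL_CB_HANDSHAKE_DONE fires, taking the identities from SSL_get_peer_certificate() and the suite from SSL_get_current_cipher().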