[riot-notifications] [RIOT-OS/RIOT] pkg/tinydtls: handling of close_notify (#16422)

Achim Kraus notifications at github.com
Tue Jul 6 10:44:07 CEST 2021


> Possibility of truncation attack

I'm still very confused about that and UDP. e.g. [Wiki](https://en.wikipedia.org/wiki/Transport_Layer_Security)

> SSL 2.0 used the TCP connection close to indicate the end of data. This meant that truncation attacks were possible: the attacker simply forges a TCP FIN, leaving the recipient unaware of an illegitimate end of data message (SSL 3.0 fixed this problem by having an explicit closure alert).

There is just nothing as a TCP FIN for UDP. So, any references, what that attack means for UDP?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/16422#issuecomment-874577019
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riot-os.org/pipermail/notifications/attachments/20210706/8c98fec7/attachment.htm>


More information about the notifications mailing list