[riot-notifications] [RIOT-OS/RIOT] pkg/tinydtls: handling of close_notify (#16422)

Achim Kraus notifications at github.com
Tue Jul 6 10:44:07 CEST 2021

> Possibility of truncation attack

I'm still very confused about that and UDP. e.g. [Wiki](https://en.wikipedia.org/wiki/Transport_Layer_Security)

> SSL 2.0 used the TCP connection close to indicate the end of data. This meant that truncation attacks were possible: the attacker simply forges a TCP FIN, leaving the recipient unaware of an illegitimate end of data message (SSL 3.0 fixed this problem by having an explicit closure alert).

There is just nothing as a TCP FIN for UDP. So, any references, what that attack means for UDP?

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riot-os.org/pipermail/notifications/attachments/20210706/8c98fec7/attachment.htm>

More information about the notifications mailing list