[riot-notifications] [RIOT-OS/RIOT] pkg/tinydtls: handling of close_notify (#16422)

János Brodbeck notifications at github.com
Tue Jul 6 19:01:16 CEST 2021


> There is just nothing as a TCP FIN for UDP. So, any references, what that attack means for UDP?

That's actually a good question, what this means for UPD. I've taken the truncation part directly out of the TLS RFC. Since we should(!) not have real application sessions over UDP, I can imagine that we do not have this problem here. But I also do not want to exclude that it does not open a similar problem. I'm honestly also too little in the picture, what it takes for truncation attacks all to effectively exploit.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/16422#issuecomment-874929679
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riot-os.org/pipermail/notifications/attachments/20210706/974c8ca2/attachment.htm>


More information about the notifications mailing list