From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 Path: border1.nntp.dca3.giganews.com!backlog3.nntp.dca3.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!usenet.blueworldhosting.com!feeder01.blueworldhosting.com!feeder.erje.net!eu.feeder.erje.net!xlned.com!feeder1.xlned.com!newsfeed.xs4all.nl!newsfeed2a.news.xs4all.nl!xs4all!news.stack.nl!aioe.org!.POSTED!not-for-mail From: "Dmitry A. Kazakov" Newsgroups: comp.lang.ada Subject: Re: OpenSSL development (Heartbleed) Date: Tue, 22 Apr 2014 21:53:01 +0200 Organization: cbb software GmbH Message-ID: <1ottu3pw9hxl1.i1h7v3r51vk0.dlg@40tude.net> References: <-OGdnezdYpRWFc_OnZ2dnUVZ_vednZ2d@giganews.com> <535297f1$0$6715$9b4e6d93@newsspool3.arcor-online.net> <5352a585$0$6707$9b4e6d93@newsspool3.arcor-online.net> <535688a0$0$6721$9b4e6d93@newsspool3.arcor-online.net> <19mxjybev4fc9.1fkxznem326v8$.dlg@40tude.net> Reply-To: mailbox@dmitry-kazakov.de NNTP-Posting-Host: AuYlnUSfTZrfhAkRjyySpQ.user.speranza.aioe.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@aioe.org User-Agent: 40tude_Dialog/2.0.15.1 X-Notice: Filtered by postfilter v. 0.8.2 X-Original-Bytes: 2658 Xref: number.nntp.dca.giganews.com comp.lang.ada:185944 Date: 2014-04-22T21:53:01+02:00 List-Id: On Tue, 22 Apr 2014 16:57:28 +0000 (UTC), Simon Clubley wrote: > On 2014-04-22, Dmitry A. Kazakov wrote: >> On Tue, 22 Apr 2014 17:20:13 +0200, G.B. wrote: >>> >>> Evidence, indeed! >>> Now given ISO/IEC 27000, a family of standards revolving >>> around security, and Heartbleed, what can anyone do to make >>> standards effecive? >> >> Properly designed standards, maybe? Let me ask a stupid question. What has >> a transport level protocol to do with the application level's servers (and >> clients)? If it really were a strictly transport level, no implementation >> could leak data out of higher levels. Right? > > No, properly _implemented_ standards are what is required. > > Heartbleed came about because a boundary check was missing which allowed > a invalid request to be processed instead of being rejected and, because > of the _implementation_, was allowed access to memory that had nothing to > do with the request. > > This was a failure in the implementation of the standard, not a failure > of the standard itself. Boundary checks or not, the transport layer shall have no access to the server data. A tightly coupled system is vulnerable. If compromising just one component opens all gates wide, that is a bad standard and bad design. The effects of errors and faults must be bounded per design. -- Regards, Dmitry A. Kazakov http://www.dmitry-kazakov.de