From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
Path: 
 border2.nntp.dca3.giganews.com!backlog4.nntp.dca3.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!usenet.blueworldhosting.com!feeder01.blueworldhosting.com!aioe.org!.POSTED!not-for-mail
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Newsgroups: comp.lang.ada
Subject: Re: OpenSSL development (Heartbleed)
Date: Wed, 23 Apr 2014 09:30:08 +0200
Organization: cbb software GmbH
Message-ID: <6xpjk44lobfz.fctt93m75u47$.dlg@40tude.net>
References: <-OGdnezdYpRWFc_OnZ2dnUVZ_vednZ2d@giganews.com>
 <535297f1$0$6715$9b4e6d93@newsspool3.arcor-online.net>
 <op.xekmrhmiule2fv@cardamome>
 <5352a585$0$6707$9b4e6d93@newsspool3.arcor-online.net>
 <lj4ath$c6i$1@loke.gir.dk>
 <535688a0$0$6721$9b4e6d93@newsspool3.arcor-online.net>
 <19mxjybev4fc9.1fkxznem326v8$.dlg@40tude.net> <lj671n$bj6$1@dont-email.me>
 <1ottu3pw9hxl1.i1h7v3r51vk0.dlg@40tude.net>
 <slrnlleked.i0l.lithiumcat@nat.rebma.instinctive.eu>
Reply-To: mailbox@dmitry-kazakov.de
NNTP-Posting-Host: G+aXx1XI67D34t54ibhUPQ.user.speranza.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@aioe.org
User-Agent: 40tude_Dialog/2.0.15.1
X-Notice: Filtered by postfilter v. 0.8.2
X-Original-Bytes: 2631
Xref: number.nntp.dca.giganews.com comp.lang.ada:186009
Date: 2014-04-23T09:30:08+02:00
List-Id: <comp.lang.ada>

On Wed, 23 Apr 2014 05:38:21 +0000 (UTC), Natasha Kerensikova wrote:

> On 2014-04-22, Dmitry A. Kazakov <mailbox@dmitry-kazakov.de> wrote:
>> On Tue, 22 Apr 2014 16:57:28 +0000 (UTC), Simon Clubley wrote:
>>> No, properly _implemented_ standards are what is required.
>>> 
>>> Heartbleed came about because a boundary check was missing which allowed
>>> a invalid request to be processed instead of being rejected and, because
>>> of the _implementation_, was allowed access to memory that had nothing to
>>> do with the request.
>>> 
>>> This was a failure in the implementation of the standard, not a failure
>>> of the standard itself.
>>
>> Boundary checks or not, the transport layer shall have no access to the
>> server data.
>>
>> A tightly coupled system is vulnerable. If compromising just one component
>> opens all gates wide, that is a bad standard and bad design. The effects of
>> errors and faults must be bounded per design. 
> 
> How would you design a transport layer that has no access to whatever is
> supposed to be transported?
> 
> "Heartbleed" didn't leak any data that ins't legitimataly needed by
> OpenSSL (i.e. transported data and/or transport parameters (like keys))

I heard it leaked user data, I didn't go into details. I hope user data are
not transported, because otherwise that would be even an greater design
fault.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de