
Re: Protocol: abandoning Bind and Start TLS



At 02:09 PM 1/5/2004, Jim Sermersheim wrote:
>Kurt,
> 
>>>   Abandon and Unbind operations cannot be abandoned.
>>
>>I think we need to expand this (for security and interoperability
>>reasons):
>> Abandon, Bind, Start TLS, and Unbind operations cannot be abandoned.
>Can you talk more about the problems of abandoning bind and start tls?

Sure.

Allowing abandonment of operations which establish (or teardown)
security associations is, besides likely not being terribly useful,
inherently dangerous.  Also, it will lead to significant
operational problems.

For instance, consider what a client can do after issuing an
abandon for a Bind operation which could result in establishment
of security layers.  The Abandon might not reach the server before
completion of the Bind.  The server then installs the layers and
expects the client to do the same.  But the Abandon was sent
before those layers were installed (or sent using old layers),
so the server MUST drop the connection.

Even for a server which only supported simple bind, allowing
abandonment is problematic.  Assuming the client did not
get a response for a bind request which was abandoned, it's not
clear to the client what the association would be: that prior
to issuing bind (anonymous), or that requested by the bind
(the response could still be in transit).  (Instead of
abandoning, it would be far wiser to simply issue a new
bind request instead of issuing the bind.)  (Want to discuss
whether a client should or should not be able to issue a bind
request whilst a bind response is outstanding?)

Regarding Start TLS, RFC 2830 said:
  The client MUST NOT send any PDUs on this connection
  following this request until it receives a Start TLS extended
  response.
This clearly prohibits the client from sending an abandon request
for the Start TLS operation.
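The simple-bind race described in the message, replayed as a small model. This is an added example written for this archive page; it is not code from the mailing list, from OpenLDAP, or from any LDAP implementation. It assumes a single connection, a server that holds one authorization identity per connection and processes Bind and Abandon PDUs in arrival order, and an Abandon that produces no response. The two interleavings (`ABANDON_WINS`, `BIND_WINS`) and the bind DN `cn=admin` are constructed; the server's `bind_abandonable` switch is the policy choice under discussion. SASL security layers are not modelled, so the first scenario in the message (server installs layers, then receives an Abandon sent in the clear, and must drop the connection) is outside this model.

```python
"""Toy model of the Abandon-vs-Bind race and of the Start TLS send rule.

Constructed example written for this note; it is not code from the mailing
list, OpenLDAP, or any LDAP implementation.  Assumptions: one connection, a
server that keeps one authorization identity per connection, Bind and
Abandon PDUs processed in arrival order, and Abandon producing no response
(as in LDAP).  The schedules below are constructed interleavings.
"""
from dataclasses import dataclass, field


@dataclass
class Pdu:
    msg_id: int
    op: str          # "bind", "abandon", "startTLS", or any other operation
    dn: str = ""     # bind DN (bind only)
    target: int = 0  # message ID being abandoned (abandon only)


@dataclass
class ToyServer:
    bind_abandonable: bool           # policy under discussion
    authz: str = "anonymous"         # current authorization identity
    pending: dict = field(default_factory=dict)  # msg_id -> unprocessed Pdu
    responses: list = field(default_factory=list)

    def receive(self, pdu: Pdu) -> None:
        """Queue a PDU; an Abandon is applied immediately to the queue."""
        if pdu.op == "abandon":
            victim = self.pending.get(pdu.target)
            # Abandon only affects work not yet done; under the proposed
            # rule a queued Bind is never removed, so it always completes.
            if victim is not None and (victim.op != "bind" or self.bind_abandonable):
                del self.pending[pdu.target]
            return  # Abandon itself never gets a response
        self.pending[pdu.msg_id] = pdu

    def process_one(self) -> None:
        """Execute the oldest queued operation, if any."""
        if not self.pending:
            return
        msg_id, pdu = next(iter(self.pending.items()))
        del self.pending[msg_id]
        if pdu.op == "bind":
            self.authz = pdu.dn
            self.responses.append((msg_id, "bindResponse", "success"))


def run(schedule, bind_abandonable):
    """Replay one interleaving; return (final authz, responses sent)."""
    server = ToyServer(bind_abandonable)
    bind = Pdu(1, "bind", dn="cn=admin")       # constructed DN
    abandon = Pdu(2, "abandon", target=1)
    for step in schedule:
        if step == "send_bind":
            server.receive(bind)
        elif step == "send_abandon":
            server.receive(abandon)
        elif step == "server_runs":
            server.process_one()
    return server.authz, list(server.responses)


# The client sends Bind then Abandon in both schedules; it cannot tell
# which one the network and the server's scheduler actually produced.
ABANDON_WINS = ("send_bind", "send_abandon", "server_runs")
BIND_WINS = ("send_bind", "server_runs", "send_abandon")


def client_view_ambiguous(bind_abandonable: bool) -> bool:
    """True if abandoning the Bind leaves the association uncertain."""
    outcomes = {run(s, bind_abandonable)[0] for s in (ABANDON_WINS, BIND_WINS)}
    return len(outcomes) > 1


def may_send(start_tls_outstanding: bool, pdu: Pdu) -> bool:
    """Client-side guard for the RFC 2830 rule quoted in the message: no PDU
    of any kind, an Abandon included, may leave the connection while a
    Start TLS response is outstanding."""
    return not start_tls_outstanding


if __name__ == "__main__":
    for policy in (True, False):
        print(f"bind abandonable={policy}: "
              f"ABANDON_WINS -> {run(ABANDON_WINS, policy)[0]}, "
              f"BIND_WINS -> {run(BIND_WINS, policy)[0]}, "
              f"client view ambiguous={client_view_ambiguous(policy)}")
    print("abandon allowed during Start TLS:",
          may_send(True, Pdu(3, "abandon", target=2)))
```

With `bind_abandonable=True` the two schedules end in different authorization states (anonymous versus `cn=admin`) and the client, which sent the same two PDUs either way, has no way to know which one it is in. With the proposed rule (`bind_abandonable=False`) both schedules end bound, and a bindResponse is always sent, so the client can simply wait for it.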