[Cryptography] Interesting new TLS RFC draft
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Apr 4 05:09:00 EDT 2017
In case anyone missed it:
The Transport Layer Security (TLS) Extension to Support Code Execution
draft-tls-yolo-rce
https://mailarchive.ietf.org/arch/attach/tls/txtBOpyxc.txt
Historically arbitrary code execution has been a TLS feature. We can
look to the openssl-too-open extension to the Secure Sockets Layer
first introduced in 2002 as precedent, however more recently code
execution was provided via Microsoft's SChannel library as documented
in the [MS14-066] specification. Other vendors have implemented code
execution as an X.509 extension such as the [TALOS-2017-0296]
specification which augments standard X.509 name constraints with
code execution features.
With the rapid adoption of TLS-based applications and rich history of
vendor-specific code execution features implemented as library-
specific point-solutions, we feel the TLS ecosystem could benefit
from a standardized method for accepting a client-specified octet
string of otherwise unspecified architecture-specific native code.
[...]
Peter.