Re: Protocol: Controls & multi-message operations

[Hallvard B Furuseth <h.b.furuseth@usit.uio.no>]

Kurt D. Zeilenga writes:
>At 07:39 AM 2/23/2005, Hallvard B Furuseth wrote:
>>Maybe something like this should be to [Protocol] section 4.1.11
>>(Controls) or 6 (Security Considerations):
>>  The Bind requests in a multi-step SASL Bind can have different
>>  sets of controls.  So can multiple LDAP messages returned in
>>  response to a single LDAP request.  Such control combinations
>>  over multiple LDAPMessages may be inconsistent.  Protocol peers
>>  may need to verify that they make sense instead of just trusting
>>  the controls of some of the received LDAPMessages.
>>
>> At least I imagine one could attack a sloppy server or client by
>> sending such inconsistent control combinations, though I can't
>> come up with a concrete example at the moment.
>
> I fail to see a security consideration here, or are you
> just saying that a client or server might send malformed
> messages to a peer to attack it?

No, I was thinking of messages that are fine in isolation, but with
controls modify the messages to be processed differently in some way.

Like the server attaching something like a SignedResult control to the
final response and the client notices that it is signed, forgetting to
check if each result entry was signed.  Except that control doesn't work
that way as far as I can tell, so it's not a valid example:-)
Maybe if one could sign Bind messages...

Anyway, I have no objection to dropping the idea.

-- 
Hallvard