Security-Industry-Association / libosdp-conformance

Apache License 2.0

retry in secure channel #38

Closed rsgmodelworks closed 1 week ago

rsgmodelworks commented 2 years ago

If a PD drops offline while in secure channel the ACU locks up. It fails to repeat transmission of a secure channel poll. Retry is there for cleartext (check that) so this should have worked.

PeterLionelJones commented 2 years ago

Not quite sure what you are telling/asking me? Had a great chat with Ken Larson today.


rsgmodelworks commented 2 years ago

Wasn't aimed at you specifically. A test case happened like this:

- libosdp-conformance as an ACU initiated secure channel on the default key with a PD
- The PD complied and set up secure channel
- The ACU sent a secure-channel Poll (thought to be well-formed)
- The PD failed.
- The ACU hung. It failed to realize that it was getting no response to the secure channel poll.

The ACU should have performed a link-level retry, i.e. sent exactly the same frame, at least one or two more times. There is supposed to be logic in there now to do this.
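The link-level retry described in the comment above, sketched as an added example (not code from libosdp-conformance or from either commenter). The names `acu_exchange`, `send_and_wait`, `fake_pd` and `acu_link`, the retry count, and the choice to drop the session once retries run out are all assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_RETRIES 2   /* assumption: the "one or two more times" from the thread */
#define FRAME_MAX   64

/* Constructed stand-in for a PD on the wire: ignores the first `drop` frames. */
struct fake_pd { int drop; int frames_seen; int all_identical;
                 unsigned char first[FRAME_MAX]; size_t first_len; };

struct acu_link { int secure_channel_up; int pd_online; };

/* Hypothetical transport: returns 1 if a reply arrived before the timeout. */
static int send_and_wait(struct fake_pd *pd, const unsigned char *f, size_t n)
{
    if (pd->frames_seen == 0) { memcpy(pd->first, f, n); pd->first_len = n; }
    else if (n != pd->first_len || memcmp(pd->first, f, n) != 0)
        pd->all_identical = 0;          /* a retry differed from the original */
    pd->frames_seen++;
    return pd->frames_seen > pd->drop;
}

/* Send one already-built frame; on timeout resend the SAME bytes, then give up.
 * Returns the number of transmissions used, or -1 if the PD is declared offline. */
int acu_exchange(struct acu_link *l, struct fake_pd *pd,
                 const unsigned char *frame, size_t len)
{
    if (len > FRAME_MAX) return -1;
    for (int attempt = 1; attempt <= 1 + MAX_RETRIES; attempt++) {
        /* No re-encoding between attempts: the frame goes out byte for byte. */
        if (send_and_wait(pd, frame, len))
            return attempt;
    }
    /* Retries exhausted: leave the waiting state instead of hanging, and
     * (assumption) drop the session so the next contact starts clean. */
    l->secure_channel_up = 0;
    l->pd_online = 0;
    return -1;
}

int main(void)
{
    /* Constructed placeholder bytes, not a valid OSDP frame. */
    const unsigned char poll[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
    struct acu_link l = { 1, 1 };
    struct fake_pd pd = { 1, 0, 1, {0}, 0 };   /* PD misses one frame */
    return acu_exchange(&l, &pd, poll, sizeof poll) == 2 ? 0 : 1;
}
```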

PeterLionelJones commented 2 years ago

Shoot the ACU vendor?


rsgmodelworks commented 2 years ago

Oy, I am the ACU vendor in this case. I'm documenting the issue as I don't have time to fix it today but I thought I'd document it in the queue.

PeterLionelJones commented 2 years ago

Too funny . . .
