 

Heartbeat extension: does it make sense to allow for arbitrary payload?

https://www.rfc-editor.org/rfc/rfc6520 does not explain why a heartbeat request/response round-trip is supposed to contain a payload. It just specifies that there is room for payload and that the response has to contain the same payload as the request.

What is this payload good for? My questions are:

  • What could it be that the engineers thought when they designed the protocol to allow for including arbitrary payload into the heartbeat request? What are the advantages?

  • What are the reasons that this payload must be contained in the response?

I see that by allowing for arbitrary payload the application is able to unambiguously match a certain response with a certain request. Is that the only advantage? If yes, then why did one not force the payload to be of a certain length? What is the flexibility in the payload length good for? Does it have to do with a cryptographic concept, such that the length of heartbeat requests must be unpredictable?

Other "heartbeat"-like protocol extensions simply pre-define the exact request (e.g. "ping") and the corresponding response (e.g. "pong"). Why did https://www.rfc-editor.org/rfc/rfc6520 take a different route?

It is important to understand the reasoning behind the choices made in RFC6520 in order to properly assess hypotheses that all this might have been an intelligently placed backdoor.

asked Apr 10 '14 10:04 by Dr. Jan-Philip Gehrcke




1 Answer

  • Regarding the arbitrary size: the RFC abstract states that the Heartbeat extension is a basis for path MTU (PMTU) discovery for DTLS. Varying the size is a basis to implement that protocol (http://en.wikipedia.org/wiki/Path_MTU_Discovery).

  • Regarding the arbitrary content: packet delivery order may not be preserved, or packets may be lost. Varying the content helps to identify them.

answered Sep 19 '22 08:09 by jdregister
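As an added example (not part of the question or the answer above, and not OpenSSL's code), the following Python models the HeartbeatMessage layout from RFC 6520 (1-byte type, 16-bit payload_length, payload, at least 16 bytes of padding) to show the two points the answer makes: a sender matching responses to several in-flight requests by their echoed payload, and a binary search over record sizes as a PMTU probe against a constructed path that drops oversized datagrams. It also carries the check RFC 6520 section 4 requires (a message whose payload_length is too large for what was received MUST be discarded silently) next to a simulated responder that trusts payload_length, which is the missing bounds check behind the OpenSSL bug being discussed when this question was asked (Heartbleed, CVE-2014-0160). The function names, the simulated memory buffer and the 1280-byte path MTU are assumptions made for illustration.

```python
# Added illustration of RFC 6520 HeartbeatMessage handling; not code from the page.
import os
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16   # RFC 6520: padding MUST be at least 16 bytes
HEADER_LEN = 3     # type (1 byte) + payload_length (2 bytes, big-endian)


def encode_heartbeat(msg_type, payload, padding_len=MIN_PADDING):
    """Build a HeartbeatMessage: type | payload_length | payload | random padding."""
    if padding_len < MIN_PADDING:
        raise ValueError("padding must be at least 16 bytes")
    if len(payload) > 0xFFFF:
        raise ValueError("payload_length is a 16-bit field")
    return struct.pack("!BH", msg_type, len(payload)) + payload + os.urandom(padding_len)


def decode_heartbeat(record):
    """Return (type, payload), or None when RFC 6520 section 4 says to discard silently.

    The receiver may only trust payload_length after comparing it with the
    length of the message it actually received; the unchecked responder below
    omits exactly this comparison.
    """
    if len(record) < HEADER_LEN:
        return None
    msg_type, payload_length = struct.unpack("!BH", record[:HEADER_LEN])
    if msg_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        return None
    if HEADER_LEN + payload_length + MIN_PADDING > len(record):
        return None  # payload_length too large for what arrived: discard
    return msg_type, record[HEADER_LEN:HEADER_LEN + payload_length]


def respond_to_heartbeat(record):
    """Peer side: echo the request payload in a HeartbeatResponse, as the RFC requires."""
    parsed = decode_heartbeat(record)
    if parsed is None or parsed[0] != HEARTBEAT_REQUEST:
        return None
    return encode_heartbeat(HEARTBEAT_RESPONSE, parsed[1])


def unchecked_respond(memory, offset):
    """Simulation (assumption, not real OpenSSL code) of a responder that trusts payload_length.

    `memory` stands in for the process heap and the request sits at `offset`.
    Copying payload_length bytes from after the header, without checking it
    against the received record length, echoes whatever follows the request.
    """
    _, payload_length = struct.unpack("!BH", memory[offset:offset + HEADER_LEN])
    start = offset + HEADER_LEN
    return encode_heartbeat(HEARTBEAT_RESPONSE, memory[start:start + payload_length])


def match_response(outstanding, response):
    """Sender side: identify which in-flight request a response answers by its payload.

    `outstanding` maps payload bytes -> caller's request id. With several probes
    in flight over DTLS (reordered or lost), a fixed "ping" could not tell them
    apart; a distinct echoed payload can. Unknown payloads yield None.
    """
    parsed = decode_heartbeat(response)
    if parsed is None or parsed[0] != HEARTBEAT_RESPONSE:
        return None
    return outstanding.pop(parsed[1], None)


def make_lossy_path(mtu):
    """Constructed peer: drops any datagram larger than mtu, otherwise answers it."""
    def send(record):
        if len(record) > mtu:
            return None
        return respond_to_heartbeat(record)
    return send


def discover_pmtu(send, lo, hi):
    """Binary-search the largest heartbeat record size (lo..hi bytes) that gets answered.

    `send(record)` returns the peer's response, or None when the path dropped
    the datagram. Varying the payload length is what makes the probe possible.
    """
    assert lo >= HEADER_LEN + MIN_PADDING, "smallest legal record is 19 bytes"
    best = None
    while lo <= hi:
        mid = (lo + hi) // 2
        payload = os.urandom(mid - HEADER_LEN - MIN_PADDING)
        response = send(encode_heartbeat(HEARTBEAT_REQUEST, payload))
        if response is not None and match_response({payload: mid}, response) == mid:
            best, lo = mid, mid + 1      # answered: try larger
        else:
            hi = mid - 1                 # dropped (or mismatched): try smaller
    return best


if __name__ == "__main__":
    print("PMTU found:", discover_pmtu(make_lossy_path(1280), 19, 1500))
```

The over-read in `unchecked_respond` is only a simulation over a bytes buffer, but the shape is the point: the forged request declares a 40-byte payload while carrying 4, `decode_heartbeat` rejects it, and the unchecked variant copies 20 bytes from beyond the record into the response.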