Dear OpenSSL & IETF Teams,

Hi, I am Imran Ghafoor from NUST Pakistan, doing my MS research on the Heartbleed bug. I have the following suggestion for RFC 6520:

The Heartbleed patch developed as per OpenSSL guidelines can be used in embedded systems; however, since embedded systems have limited memory & computing resources, an update/amendment to the RFC is proposed to develop an embedded-systems-friendly patch of OpenSSL. The payload of Heartbeat should be fixed to one character ‘H’. The one-character-length HeartbeatRequest will be embedded-systems friendly, and similarly the HeartbeatResponse message should also return the single character ‘H’, therefore removing the possibility of a memory leak in the OpenSSL Heartbleed attack as well as conserving the memory resources of embedded systems.

Looking forward to hearing from you on this suggestion.

Regards,
Imran Ghafoor
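
The length check that RFC 6520 requires, next to the fixed one-byte 'H' payload proposed in the message above, as an added example that is not part of the original e-mail or of OpenSSL's code. The function name hb_respond, the fixed_h flag, the choice to discard any other payload in that mode, and the sample records are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response (RFC 6520) */
#define HB_MIN_PAD  16  /* RFC 6520: at least 16 bytes of padding */

/* Build a HeartbeatResponse for the message in rec[0..rec_len).
 * Returns the response length, or 0 when the message is discarded.
 * fixed_h != 0 also enforces the one-byte 'H' payload proposed in the
 * e-mail (hypothetical mode, not part of RFC 6520). */
size_t hb_respond(const uint8_t *rec, size_t rec_len,
                  uint8_t *out, size_t out_cap, int fixed_h)
{
    if (rec_len < 1 + 2 + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The check missing in Heartbleed: the claimed payload_length must
     * fit inside the bytes that were actually received. */
    if (1 + 2 + claimed + HB_MIN_PAD > rec_len)
        return 0;
    if (fixed_h && (claimed != 1 || rec[3] != 'H'))
        return 0;
    size_t resp_len = 1 + 2 + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);         /* echo received bytes only */
    memset(out + 3 + claimed, 0, HB_MIN_PAD);  /* zeros here; real stacks use random padding */
    return resp_len;
}

int main(void)
{
    /* Constructed records: type, 2-byte length, payload, zero padding. */
    uint8_t ok[20]  = {HB_REQUEST, 0x00, 0x01, 'H'};
    uint8_t lie[20] = {HB_REQUEST, 0x40, 0x00, 'H'};  /* claims 16384 bytes */
    uint8_t out[64];
    printf("valid 'H' request -> %zu\n", hb_respond(ok, sizeof ok, out, sizeof out, 1));
    printf("over-long claim   -> %zu\n", hb_respond(lie, sizeof lie, out, sizeof out, 0));
    return 0;
}
```

The over-long claim is discarded by the bounds check alone, with fixed_h off; the fixed payload mainly caps the response buffer at 20 bytes.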
