[TLS] Issue 16: Alert clarifications
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[TLS] Issue 16: Alert clarifications
http://www3.tools.ietf.org/wg/tls/trac/ticket/16
Several people have raised the issue of what alerts must be fatal
and when they should be sent. NIST suggested that all fatal alerts
MUST be sent. They also suggested that the following alerts be fatal:
- bad_certificate,
- unsupported_certificate
- certificate_revoked.
- certificate_expired
We discussed this in Prague and looking at the minutes, it looks
to me like the resolution was as follows:
- All fatal alerts MUST be sent
- For the above alerts, if you plan to tear down the connection
on that basis you MUST make them fatal and send them
- Add a warning that some implementations tear down the connection
for any alert so warning alerts are dangerous. New implementations
SHOULD not tear down the connection for warning alerts.
Anyone disagree with this?
-Ekr
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
