Re: [TLS] Issue 16: Alert clarifications

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: [TLS] Issue 16: Alert clarifications
From: Nelson B Bolyard <nelson at bolyard.com>
Date: Thu, 07 Jun 2007 20:33:11 -0700
Cc: tls at ietf.org
In-reply-to: <20070607132918.4459D33C58@delta.rtfm.com>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <20070603145730.4507B33C4B@delta.rtfm.com> <B356D8F434D20B40A8CEDAEC305A1F2404395329@esebe105.NOE.Nokia.com> <20070607132918.4459D33C58@delta.rtfm.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a5pre) Gecko/20070527 SeaMonkey/1.5a

Eric Rescorla wrote:
> At Thu, 7 Jun 2007 15:33:13 +0300,
> <Pasi.Eronen at nokia.com> wrote:
>> Eric Rescorla wrote:
>>
>>> - Add a warning that some implementations tear down the connection
>>>   for any alert so warning alerts are dangerous. New implementations
>>>   SHOULD not tear down the connection for warning alerts.
>> Why not simply "MUST NOT tear down"? (this requirement would apply 
>> only when TLS 1.2 is negotiated, so what some implementations did
>> with 1.0 or 1.1 doesn't matter)
> 
> Works for me.

Umm. Some warning alerts exist to give the recipient a choice to tear
down or not.  E.g. no_renegotiation.  RFC 2246 says:

   no_renegotiation
       Sent by the client in response to a hello request or by the
       server in response to a client hello after initial handshaking.
       Either of these would normally lead to renegotiation; when that
       is not appropriate, the recipient should respond with this alert;
       at that point, the original requester can decide whether to
       proceed with the connection. One case where this would be
       appropriate would be where a server has spawned a process to
       satisfy a request; the process might receive security parameters
       (key length, authentication, etc.) at startup and it might be
       difficult to communicate changes to these parameters after that
       point. This message is always a warning.

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Issue 16: Alert clarifications
  - From: Bodo Moeller

References:
- [TLS] Issue 16: Alert clarifications
  - From: Eric Rescorla
- RE: [TLS] Issue 16: Alert clarifications
  - From: Pasi.Eronen
- Re: [TLS] Issue 16: Alert clarifications
  - From: Eric Rescorla

Prev by Date: Re: [TLS] Straw poll on TLS SRP status
Next by Date: [TLS] Review feedback on draft-rescorla-tls-suiteb-01.txt
Previous by thread: Re: [TLS] Issue 16: Alert clarifications
Next by thread: Re: [TLS] Issue 16: Alert clarifications
Index(es):
- Date
- Thread

Re: [TLS] Issue 16: Alert clarifications

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.