Re: [TLS] Issue 16: Alert clarifications

[Martin Rex <Martin.Rex at sap.com>]

Pasi.Eronen at nokia.com wrote:
> 
> Eric Rescorla wrote:
> > - Add a warning that some implementations tear down the connection
> >   for any alert so warning alerts are dangerous. New implementations
> >   SHOULD not tear down the connection for warning alerts.
> 
> Why not simply "MUST NOT tear down"? (this requirement would apply 
> only when TLS 1.2 is negotiated, so what some implementations did
> with 1.0 or 1.1 doesn't matter)

I don't undestand what should be new to this.

A fatal alert has always been "fatal" for the handshake, and
implementations that continued after a fatal alert can be considered
broken.

A warning alert has never been "fatal", otherwise the distinction
into fatal and warning would be non-sensical.  It may have not been
fully spelled out in the spec, but this is a level of implicit common
sense that one should be able to expect from a sensible implementor.

I know there are broken implementations out there, and I would appreciate
if they are fixed sooner rather than later, and independent of whether
they add TLS v1.2 or not.  There is one pretty large installed base
that doesn't send any alert in most situations, and I find that highly
annoying.  Combined with a Web-Browser that produces that same
meaningless error message for >95% of the possible errors (including
connection timeout and connection refused), this makes
diagnosing SSL/TLS configuration errors pretty difficult.

-Martin

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls