Re: [TLS] Issue 16: Alert clarifications

To: Nelson B Bolyard <nelson at bolyard.com>
Subject: Re: [TLS] Issue 16: Alert clarifications
From: Bodo Moeller <bmoeller at acm.org>
Date: Mon, 11 Jun 2007 07:36:36 +0200
Cc: tls at ietf.org
In-reply-to: <466CB8EF.9080700@bolyard.com>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <20070603145730.4507B33C4B@delta.rtfm.com> <B356D8F434D20B40A8CEDAEC305A1F2404395329@esebe105.NOE.Nokia.com> <20070607132918.4459D33C58@delta.rtfm.com> <4668CDF7.9030600@bolyard.com> <20070608083514.GA11066@tau.invalid> <466CB8EF.9080700@bolyard.com>
User-agent: Mutt/1.5.9i

On Sun, Jun 10, 2007 at 07:52:31PM -0700, Nelson B Bolyard wrote:

>> How about the following?
>> 
>>    If an alert with a level of warning is sent and received, generally
>>    the connection can continue normally.  If the receiving party
>>    decides not to proceed with the connection (e.g., after having
>>    received a no_renegotiation alert that it is not willing to
>>    accept), it MUST send a fatal alert to terminate the connection.

> I don't object to that, except that it changes TLS so that SOME fatal
> errors MUST be accompanied with a Fatal Alert (as opposed to being
> torn down silently), but others are not required to do so.  This begs
> the question: why should some fatal errors require a fatal alert,
> but not others?
> 
> In a previous message in this thread, I asked/proposed:
> 
>> Why not require that a fatal alert be sent any time that the connection
>> is going to be torn down due to a protocol error of any kind?

Yes, this makes sense -- anytime a party has to abort the connection
because of some protocol error, it should send a fatal alert if
possible.

Bodo


_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- [TLS] Issue 16: Alert clarifications
  - From: Eric Rescorla
- RE: [TLS] Issue 16: Alert clarifications
  - From: Pasi.Eronen
- Re: [TLS] Issue 16: Alert clarifications
  - From: Eric Rescorla
- Re: [TLS] Issue 16: Alert clarifications
  - From: Nelson B Bolyard
- Re: [TLS] Issue 16: Alert clarifications
  - From: Bodo Moeller
- Re: [TLS] Issue 16: Alert clarifications
  - From: Nelson B Bolyard

Prev by Date: Re: [TLS] Issue 16: Alert clarifications
Next by Date: Re: [TLS] Issue 16: Alert clarifications
Previous by thread: Re: [TLS] Issue 16: Alert clarifications
Next by thread: Re: [TLS] Issue 16: Alert clarifications
Index(es):
- Date
- Thread

Re: [TLS] Issue 16: Alert clarifications

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.