Re: [TLS] Issue 16: Alert clarifications

To: bmoeller at acm.org (Bodo Moeller)
Subject: Re: [TLS] Issue 16: Alert clarifications
From: Martin Rex <Martin.Rex at sap.com>
Date: Tue, 12 Jun 2007 01:26:34 +0200 (MEST)
Cc: Martin.Rex at sap.com, tls at ietf.org
In-reply-to: <20070611222711.GA8891@tau.invalid> from "Bodo Moeller" at Jun 12, 7 00:27:11 am
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Reply-to: martin.rex at sap.com

Bodo Moeller wrote:
> 
> Martin Rex wrote:
> > 
> > The description of Error (alerts) in SSLv3 (Nov.96) says this:
> > 
> >   5.4.2 Error alerts
> > 
> >      Error handling in the SSL Handshake protocol is very simple.  When
> >      an error is detected, the detecting party sends a message to the
> >      other party.  Upon transmission or receipt of an fatal alert
> >      message, both parties immediately close the connection.  Servers
> >      and clients are required to forget any session-identifiers, keys,
> >      and secrets associated with a failed connection.  The following
> >      error alerts are defined:
> > 
> > A no_certificate alert sent by an SSL/TLS client is not an error,
> > it is a protocol option requested by the server and rejected by the
> > client.  If the server considers this an error "the detecting party
> > sends a message to the other party."  If that message is a fatal
> > alert, the communication ends.  If the peer simply closes the
> > communication channel without sending the required (alert) message
> > it is defective.
> 
> Here you are mixing levels: the no_certicate alert *is* defined in
> the "Error Alerts" section, so technically this *is* an "error" --
> at least in the sense of "error" that the sentence that you quote
> is assuming.

Carefully read the "Error alerts" (which is present in TLS 1.0 as well)
again.

The two important points there are

 1)  "When an error is detected, the detecting party sends a
      message to the the other party".

 2)  "upon transmission or receipt of a(n) fatal alert message,
      both parties immediately close the connection."

In error situations, the connection is terminated after transmission
or receipt of a fatal alert message.  The party that "detects" the
error (i.e. the party that wants to abort the handshake) sends a
(fatal alert) message to the other party.

For me, that is equal to a "MUST send fatal alert before closing
the connection" in error situations.  Graceful shutdown uses
close notify (warning) alerts.

The "no_certificate" and "no_renegotiation" message, when sent as
warning (not as fatal) are definitely not errors, they just happen
to share the same messaging primitive (SSL alert) and are therefore
described in this section as well.

At most, the TLS spec failed to adopt the correct spec terminology
when copying the SSLv3 text.  IMHO it has always been fairly obvious
what correct implementations are supposed to do.

-Martin

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Issue 16: Alert clarifications
  - From: Martin Rex
- Re: [TLS] Issue 16: Alert clarifications
  - From: Bodo Moeller

References:
- Re: [TLS] Issue 16: Alert clarifications
  - From: Bodo Moeller

Prev by Date: Re: [TLS] Issue 16: Alert clarifications
Next by Date: Re: [TLS] Issue 16: Alert clarifications
Previous by thread: Re: [TLS] Issue 16: Alert clarifications
Next by thread: Re: [TLS] Issue 16: Alert clarifications
Index(es):
- Date
- Thread

Re: [TLS] Issue 16: Alert clarifications

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.