Re: [TLS] Issue 16: Alert clarifications

Subject: Re: [TLS] Issue 16: Alert clarifications
From: Nelson B Bolyard <nelson at bolyard.com>
Date: Mon, 11 Jun 2007 22:30:41 -0700
Cc: tls at ietf.org
In-reply-to: <200706120015.l5C0FpSQ014433@fs4113.wdf.sap.corp>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Organization: Spam haters R US
References: <200706120015.l5C0FpSQ014433@fs4113.wdf.sap.corp>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a5pre) Gecko/20070528 SeaMonkey/1.5a

Martin Rex wrote:
> Bodo Moeller wrote:

>> Of course, I totally agree that it makes sense to require fatal alerts
>> before the connection is torn down (except in the close_notify case,
>> obviously), and that it makes a lot of sense for implementations of
>> the current specs to behave like this.  I just don't agree that the
>> current specifcations already require implementations to do this.
> 
> I firmly believe that the SSLv3 spec required it, but a spec weasel
> might try to argue that the TLSv1.0 an later specs have failed to add
> the proper rfc-2119 terminology to various places of the SSLv3 protocol
> description and therefore relaxed the original SSLv3 requirements.

And in fact, one of the top 10 most-used TLS implementations (one of
the newer ones) does not send fatal alerts (at least, not for most
errors), citing just that reason.

I see this becoming a nightmare for people who must diagnose problems.
I'm afraid it's too late for TLS 1.0 and 1.1 already, but I sure would
like to see it fixed in 1.2.

-- 
Nelson B

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] Issue 16: Alert clarifications
  - From: Martin Rex

Prev by Date: Re: [TLS] Issue 16: Alert clarifications
Next by Date: [TLS] Fwd: I-D ACTION:draft-nir-tls-eap-00.txt
Previous by thread: Re: [TLS] Issue 16: Alert clarifications
Next by thread: Re: [TLS] Issue 16: Alert clarifications
Index(es):
- Date
- Thread

Re: [TLS] Issue 16: Alert clarifications

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.