Re: [TLS] Issue 16: Alert clarifications

To: bmoeller at acm.org (Bodo Moeller)
Subject: Re: [TLS] Issue 16: Alert clarifications
From: Martin Rex <Martin.Rex at sap.com>
Date: Tue, 12 Jun 2007 19:21:19 +0200 (MEST)
Cc: Martin.Rex at sap.com, tls at ietf.org
In-reply-to: <20070612152119.GA25578@tau.invalid> from "Bodo Moeller" at Jun 12, 7 05:21:19 pm
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Reply-to: martin.rex at sap.com

Bodo Moeller wrote:
> 
> On Tue, Jun 12, 2007 at 04:53:41PM +0200, Martin Rex wrote:
> 
> > I would also appreciate if the spec was more explicit about this,
> > and in particular I do *NOT* want this to be considered a change
> > to the existing spec that is new and valid only for TLSv1.2.
> 
> Not a change just for TLS 1.2, but a clarification for something that
> previously was under-specified.

OK!

> 
> >> (according to the spec, it is about unacceptable "security
> >> parameters", and that's a pretty specific term in the TLS
> >> specification: see 6.1 and A.6).
> >
> > The spec calls for a fatal handshake_failure alert in most situations.
> 
> One problem is that the spec doesn't really say that you can use
> handshake_failure in such situations.  The spec can just as easily be
> interpreted as saying that you can't.  (Common sense can come in
> helpfully and say that you should use handshake_failure *despite of*
> what the current spec says.)

According to the SSL spec, a handshake failure alert is the appropriate
(server) response to a client sending a "no_certificate" warning alert
upon a Certificate Request message.

For every protocol you will need a catch-all error message that has
to be used whenever there is not specific error message available
to describe the situation (In GSS-API it is the MISC_FAILURE major_status)
In SSL, for errors during the handshake this is the handshake_failure alert.

What TLS currently doesn't provide is a means to communicate implementation
specific information about an error, which may be specific to particular
cipher-suites, specific to particular PKI operations (and not covered
by the existing certificate-related alerts), or eventually, specific
to alternative authentication protocols that people are trying to
add to TLS.  Maybe the alert protocol should be enhanced to provide
a container for such auxiliary error information before fancy new
authentication schemes are added to the TLS protocol engine.

-Martin

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- Re: [TLS] Issue 16: Alert clarifications
  - From: Bodo Moeller

Prev by Date: Re: [TLS] Issue 16: Alert clarifications
Next by Date: Re: [TLS] Straw poll on TLS SRP status
Previous by thread: Re: [TLS] Issue 16: Alert clarifications
Next by thread: Re: [TLS] Issue 16: Alert clarifications
Index(es):
- Date
- Thread

Re: [TLS] Issue 16: Alert clarifications

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.