Re: [TLS] Issue 16: Alert clarifications

To: Nelson B Bolyard <nelson at bolyard.com>
Subject: Re: [TLS] Issue 16: Alert clarifications
From: Eric Rescorla <ekr at networkresonance.com>
Date: Sat, 07 Jul 2007 16:43:57 -0700
Cc: tls at ietf.org
In-reply-to: <466CB8EF.9080700@bolyard.com>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <20070603145730.4507B33C4B@delta.rtfm.com> <B356D8F434D20B40A8CEDAEC305A1F2404395329@esebe105.NOE.Nokia.com> <20070607132918.4459D33C58@delta.rtfm.com> <4668CDF7.9030600@bolyard.com> <20070608083514.GA11066@tau.invalid> <466CB8EF.9080700@bolyard.com>
User-agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)

At Sun, 10 Jun 2007 19:52:31 -0700,
Nelson B Bolyard wrote:
> > Why not require that a fatal alert be sent any time that the connection
> > is going to be torn down due to a protocol error of any kind?
> 
> I still think that deserves an answer.

As I said previously, I'm not comfortable with this without a full
security analysis of all of the implications of every single thing
that might go wrong, esp. as we have been burned by inappropriate
alerts in the past.

Since nobody has volunteered to do said analysis, the minimum
safe thing is to simply require that the current fatal alerts
be sent. I appreciate that you feel that it would make debugging
easier to require an alert in every case, but, then, so would
including the exact line of code on the local side that generated
the failure, but I don't hear anyone proposing that, so I don't
think this is the only consideration.

-Ekr

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- [TLS] Issue 16: Alert clarifications
  - From: Eric Rescorla
- RE: [TLS] Issue 16: Alert clarifications
  - From: Pasi.Eronen
- Re: [TLS] Issue 16: Alert clarifications
  - From: Eric Rescorla
- Re: [TLS] Issue 16: Alert clarifications
  - From: Nelson B Bolyard
- Re: [TLS] Issue 16: Alert clarifications
  - From: Bodo Moeller
- Re: [TLS] Issue 16: Alert clarifications
  - From: Nelson B Bolyard

Prev by Date: Re: [TLS] Signature Hash Agility
Next by Date: [TLS] draft-ietf-tls-rfc4346-04 available
Previous by thread: Re: [TLS] Issue 16: Alert clarifications
Next by thread: Re: [TLS] Issue 16: Alert clarifications
Index(es):
- Date
- Thread

Re: [TLS] Issue 16: Alert clarifications

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.