[Gen-art] Expanded alert codes. [Was Re: [TLS] Genart last call review of draft-ietf-tls-tls13-24]

Eric Rescorla <ekr@rtfm.com> Sat, 31 March 2018 13:43 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 31 Mar 2018 06:42:20 -0700
Message-ID: <CABcZeBNB50jY1odzgVZVKqn8F7TCj1b+A_95yG6f=Nde0KVv+g@mail.gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Bill Frantz <frantz@pwpconsult.com>, Steve Fenter <steven.fenter58@gmail.com>, "Dale R. Worley" <worley@ariadne.com>, General Area Review Team <gen-art@ietf.org>, IETF discussion list <ietf@ietf.org>, "draft-ietf-tls-tls13.all@ietf.org" <draft-ietf-tls-tls13.all@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/p1-RU8Ln_hiANcUdkBWU8veoK5M>

Thinking through this some more, I'm skeptical that this is going to be
that useful as a debugging-only feature.

In my experience, there are four major scenarios for diagnosing this kind
of failure. Under the assumption that you control one end, the other end
can be:

1. A live endpoint.
2. A testing endpoint someone has put up.
3. An endpoint that someone is actively working on with you.
4. An endpoint you control (e.g., you're running it on your own machine).

If this is a debug-only feature, then it won't be available in case #1, and
it's not that helpful in case #4, because you can read the logs, errors,
etc. yourself. For the same reason, it's not really that helpful in case
#3, because you can just ask the person you're working with to read the
logs, so this leaves case #2, which I agree can be annoying. However, what
we've started doing with QUIC is just to have the endpoints dump their logs
so that they're available on a co-located Web site. That gives you a lot
more information than you'd probably want to fit in an alert message (e.g.,
you can print out the keying material, etc.).

I guess there might be some intermediate category 1.5 that's kind of in
production so you don't want to print out complete logs, but you'd like
more detail than you would probably want to expose in general, but my
experience is that that's not super-common.

-Ekr



On Fri, Mar 30, 2018 at 7:16 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz>
wrote:

> Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> writes:
>
> >I agree with Eric’s assessment, this could be in a new draft as an
> extension.
>
> Anyone want to work on this?  I can contribute a bit by recycling the EtM
> text, which sets out how to communicate a boolean flag (for "I speak
> extended alerts") as an extension, apart from that you just need to define
> the alert format, which I assume just means adding a free-form text field
> to the existing alerts.
>
> Peter.
>
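A small model of the two pieces sketched in the quoted reply, as an added example that is not from this thread or from any draft: the standard two-byte TLS 1.3 alert (AlertLevel, AlertDescription, RFC 8446 section 6) plus a hypothetical length-prefixed free-form text that a receiver accepts only when the "I speak extended alerts" flag was negotiated, and that a sender emits only under the same condition. The extended wire layout, the MAX_DETAIL bound and the function names are assumptions made for this example.

```python
import struct

# Standard TLS 1.3 alert wire format (RFC 8446, section 6): two bytes,
# AlertLevel followed by AlertDescription.
ALERT_LEN = 2
# Hypothetical extended form, an assumption for this example: the same two
# bytes followed by a 2-byte length and a free-form UTF-8 text of that length.
MAX_DETAIL = 1024

ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Small subset of RFC 8446 AlertDescription values, enough for the example.
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure",
                      47: "illegal_parameter", 70: "protocol_version",
                      110: "unsupported_extension"}


def build_alert(level, description, detail=None, extended_negotiated=False):
    """Encode an alert. The free-form detail is emitted only when the peer
    signalled support for the (hypothetical) extended-alert extension, so a
    non-negotiating peer never sees more than the two standard bytes."""
    body = struct.pack("!BB", level, description)
    if detail is None or not extended_negotiated:
        return body
    text = detail.encode("utf-8")
    if len(text) > MAX_DETAIL:
        raise ValueError("detail too long")
    return body + struct.pack("!H", len(text)) + text


def parse_alert(data, extended_negotiated=False):
    """Decode an alert, refusing trailing bytes unless extended alerts were
    negotiated, and bounding the text so a peer cannot push oversized detail."""
    if len(data) < ALERT_LEN:
        raise ValueError("alert too short")
    level, description = struct.unpack("!BB", data[:ALERT_LEN])
    alert = {"level": ALERT_LEVELS.get(level, "unknown"),
             "description": ALERT_DESCRIPTIONS.get(description, f"unknown({description})"),
             "detail": None}
    rest = data[ALERT_LEN:]
    if not rest:
        return alert
    if not extended_negotiated:
        raise ValueError("trailing bytes in alert but extension not negotiated")
    if len(rest) < 2:
        raise ValueError("truncated detail length")
    (n,) = struct.unpack("!H", rest[:2])
    text = rest[2:]
    if n > MAX_DETAIL or len(text) != n:
        raise ValueError("detail length mismatch")
    alert["detail"] = text.decode("utf-8")  # strict: malformed UTF-8 is rejected
    return alert
```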