Re: [hybi] Fwd: failed TLS handshake: which close code?

Peter Thorson <webmaster@zaphoyd.com> Mon, 24 October 2011 14:02 UTC

From: Peter Thorson <webmaster@zaphoyd.com>
In-Reply-To: <CADkeqZVvU31ML8tDAeYwnndvPZ9W8vEuzJksBm-4d1qv7MWObw@mail.gmail.com>
Date: Mon, 24 Oct 2011 09:02:42 -0500
Message-Id: <D178BFE3-2D77-43CA-92BE-7618E41325CB@zaphoyd.com>
References: <634914A010D0B943A035D226786325D42D0B036D6D@EXVMBX020-12.exch020.serverdata.net> <CADkeqZXXRkXCRrONLr5thwOqNVUxNWU0Q-9E0R0i=4S-bc-LFw@mail.gmail.com> <CADkeqZXDvu-JY8aZHJJPRH-_JnF196JjA_JG6X_1yrYSiAekuA@mail.gmail.com> <0ED03DDD-1AF9-41F9-B5F0-2968BF16E378@zaphoyd.com> <CADkeqZVvU31ML8tDAeYwnndvPZ9W8vEuzJksBm-4d1qv7MWObw@mail.gmail.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: hybi@ietf.org
Subject: Re: [hybi] Fwd: failed TLS handshake: which close code?

On Oct 24, 2011, at 8:19 , Alexey Melnikov wrote:

> On Mon, Oct 24, 2011 at 2:09 PM, Peter Thorson <webmaster@zaphoyd.com> wrote:
> 
> On Oct 24, 2011, at 8:04 , Alexey Melnikov wrote:
> 
> > That was supposed to be sent to the mailing list. The WG should consider adding multiple codes if needed.
> >
> > TLS handshake probably deserves a separate 1XXX close code.
> 
> What is the procedure right now for adding more 1XXX close codes?
> 
> People should suggest specific close codes on the mailing list and, ideally, suggest their description.
> 
> For codes recommended this week or next (basically before the final RFC is published), there is a good chance that they can be included directly into the RFC-to-be.
> 
> Close codes suggested later can still be added to the registry (they will need a review by a yet-to-be-appointed Expert Reviewer -- IESG will take care of this), but they will not appear in the RFC.
> 
> All of the codes will be seen in the IANA registry (<http://www.iana.org/assignments/websocket/websocket.xml>)
>   
> In addition to TLS stuff, I still think (and a few here have agreed) that we also need a 1XXX code similar in meaning to HTTP 500/"internal server error"
> Agreed.


In that case I'd like to propose the following code:

1011/Internal Endpoint Error

1011 indicates that an endpoint is terminating the connection due to an unexpected condition that prevents it from safely continuing. The condition is the result of an internal logic error and not the fault of the remote peer except tangentially (i.e. in cases where the remote peer sent a valid frame that the terminating endpoint could not understand). More information about the error may be available in the terminating endpoint's log files.
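
Added example, not part of the original message and not code from any WebSocket implementation: a sketch of how an endpoint could apply the proposed 1011 code, keeping the failure detail in its own log and sending the peer only the code and an opaque reference. The payload layout (2-byte big-endian status code followed by a UTF-8 reason, at most 125 bytes in total) comes from the WebSocket protocol; the function names, logger name, reason wording and incident id are assumptions made for illustration.

```python
import logging
import struct
import uuid

INTERNAL_ENDPOINT_ERROR = 1011  # the code proposed in the message above
MAX_CONTROL_PAYLOAD = 125       # WebSocket control frames: at most 125 payload bytes

log = logging.getLogger("ws.endpoint")  # hypothetical logger name


def encode_close_payload(code: int, reason: str = "") -> bytes:
    """Close frame body: 2-byte big-endian status code, then a UTF-8 reason."""
    if not 1000 <= code <= 4999:
        raise ValueError(f"close code {code} is outside 1000-4999")
    raw = reason.encode("utf-8")
    limit = MAX_CONTROL_PAYLOAD - 2
    if len(raw) > limit:
        # Cut on a character boundary so the reason is still valid UTF-8.
        raw = raw[:limit].decode("utf-8", errors="ignore").encode("utf-8")
    return struct.pack("!H", code) + raw


def decode_close_payload(payload: bytes):
    """Return (code, reason); an empty body means no status code was sent."""
    if not payload:
        return None, ""
    if len(payload) < 2 or len(payload) > MAX_CONTROL_PAYLOAD:
        raise ValueError("malformed close payload")
    (code,) = struct.unpack("!H", payload[:2])
    return code, payload[2:].decode("utf-8")  # raises on invalid UTF-8


def close_for_internal_error(exc: BaseException) -> bytes:
    """Log the detail locally; tell the peer only 1011 plus an opaque reference."""
    incident = uuid.uuid4().hex[:12]  # constructed correlation id (assumption)
    log.error("internal endpoint error, incident=%s", incident, exc_info=exc)
    return encode_close_payload(INTERNAL_ENDPOINT_ERROR,
                                f"internal error, ref {incident}")


if __name__ == "__main__":
    try:
        raise RuntimeError("constructed failure: db dsn=postgres://app:secret@db/")
    except RuntimeError as err:
        body = close_for_internal_error(err)
    print(decode_close_payload(body))
```

The incident reference lets an operator match a peer's report to the log entry without the close reason carrying exception text, paths or credentials.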