[TLS] RFC-4366-bis and the unrecognized_name(112) alert

["Yngve Nysaeter Pettersen" <yngve@opera.com>]

Hello all,

In the past few of weeks a couple of servers supporting SNI has come to my  
attention because they send the Warning alert "unrecognized_name" (112) in  
response to their actual name (that is, it should have recognized the  
name, and not sent that Warning).

It seems like these servers have started to use the SNI functionality in  
the underlying TLS implementation, but that there is a problem with  
configuring the handling of the extension and keeping it in sync with the  
rest of the configuration. That is a problem for the vendor.

RFC 4366-bis currently says:

    If the server understood the client hello extension but
    does not recognize any of the server names, it SHOULD send an
    unrecognized_name(112) alert (which MAY be fatal).

My question is: What should a client do if it receives this alert as a  
Warning?

AFAICT there are several options:

   - Ignore it (several clients appears to do this currently). If so, what  
is the use-case for this warning?

   - Always ask the user. He or she probably won't understand the issue,  
and will click through anyway.

   - Check the certificate, and either warn the user if it does not match  
(which all browsers would do anyway without the alert; so why need the  
alert?), or escalate to Fatal.

   - Always escalate to Fatal (which is what Opera currently does)

What was the original reasoning for making the alert only optionally  
Fatal? Why not always Fatal, or always Warning?

May I suggest that the spec is updated with some advice for how a client  
should behave when it receives the alert as a Warning?


-- 
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer		     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************