Re: [TLS] Genart last call review of draft-ietf-tls-tls13-24
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 31 March 2018 01:01 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 060E8124234; Fri, 30 Mar 2018 18:01:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id djJr1mxgLHlo; Fri, 30 Mar 2018 18:01:42 -0700 (PDT)
Received: from mx4-int.auckland.ac.nz (mx4-int.auckland.ac.nz [130.216.125.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0FFD1205F0; Fri, 30 Mar 2018 18:01:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1522458101; x=1553994101; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=Aq9227HAcMOZxEFhlAyHx/5eSqU92+jEFYTOGVfV0xA=; b=eZoOFpmpyZ+vTtHfMgHN5wotW6XNc7jDS+zwNSZoBmy0g9V4Lj+ZF1Cb nI9kgtc8FPNHw8Aueb4VAN0hfGVSV4FMj5qXV23lMUYwVDiY3yaMiCuUN R1QlAuG3lO4L4KbIT5kQPqJJfWo4m8uixfwd1cwZ6nlQ5Q66alkgc4Yzz dliHU9D2Du7IIN0RMz+LsJNS9kxmHKYcVauqG351NJlgM/7IGqJK2MIeJ na2BgTHYLbJcAIDAqRYRn12z85i/Jd0t4F3lPW9BtAvZUhjBFrVTMiS1B hkYl6ax9oZb+mKw6N8qqePkW3tYQgG1kPB8fd6LIwXJkkkTUR3kWvlOW3 Q==;
X-IronPort-AV: E=Sophos;i="5.48,383,1517828400"; d="scan'208";a="6015840"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.3.2 - Outgoing - Outgoing
Received: from uxcn13-tdc-a.uoa.auckland.ac.nz ([10.6.3.2]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 31 Mar 2018 14:01:34 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz (10.6.2.5) by uxcn13-tdc-a.UoA.auckland.ac.nz (10.6.3.2) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Sat, 31 Mar 2018 14:01:34 +1300
Received: from uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) by uxcn13-ogg-d.UoA.auckland.ac.nz ([10.6.2.25]) with mapi id 15.00.1263.000; Sat, 31 Mar 2018 14:01:34 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Bill Frantz <frantz@pwpconsult.com>
CC: Steve Fenter <steven.fenter58@gmail.com>, "Dale R. Worley" <worley@ariadne.com>, "gen-art@ietf.org" <gen-art@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-tls-tls13.all@ietf.org" <draft-ietf-tls-tls13.all@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Genart last call review of draft-ietf-tls-tls13-24
Thread-Index: AQHTx7wzWLe9N5LKX0OEOqF/VURukKPoD3FogABaAQCAAR5few==
Date: Sat, 31 Mar 2018 01:01:33 +0000
Message-ID: <1522458057384.27890@cs.auckland.ac.nz>
References: <1522377304060.20682@cs.auckland.ac.nz>, <r470Ps-10133i-7B3DEB3D7CF1410DB2E2FF250A811BB1@Williams-MacBook-Pro.local>
In-Reply-To: <r470Ps-10133i-7B3DEB3D7CF1410DB2E2FF250A811BB1@Williams-MacBook-Pro.local>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2nO0krTnLOErA811OU7DAeFv4Eg>
Subject: Re: [TLS] Genart last call review of draft-ietf-tls-tls13-24
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Mar 2018 01:01:44 -0000
Bill Frantz <frantz@pwpconsult.com> writes: >We have always avoided the long form error messages in TLS because they can >be of great help to attackers as well as debuggers. That's why I said it was a debug-only capability, not an always-enabled on-by- default capability. >I think this objection is much weaker if we write the long form error >messages into a log that is kept with other server logs. That's the worst-case debugging scenario I mentioned where you need to contact the server admin on every test run to see what went wrong. What you've described is the (broken) status quo that people in this thread are trying to fix. Peter.
- [TLS] Genart last call review of draft-ietf-tls-t… Dale Worley
- Re: [TLS] [Gen-art] Genart last call review of dr… Alissa Cooper
- Re: [TLS] Genart last call review of draft-ietf-t… Colm MacCárthaigh
- Re: [TLS] Genart last call review of draft-ietf-t… Ted Lemon
- Re: [TLS] Genart last call review of draft-ietf-t… Dale R. Worley
- Re: [TLS] Genart last call review of draft-ietf-t… Eric Rescorla
- Re: [TLS] Genart last call review of draft-ietf-t… David Benjamin
- Re: [TLS] Genart last call review of draft-ietf-t… Eric Rescorla
- Re: [TLS] Genart last call review of draft-ietf-t… Steve Fenter
- Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
- Re: [TLS] Genart last call review of draft-ietf-t… Bill Frantz
- Re: [TLS] Genart last call review of draft-ietf-t… Eric Rescorla
- Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
- Re: [TLS] Genart last call review of draft-ietf-t… Kathleen Moriarty
- Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
- Re: [TLS] Genart last call review of draft-ietf-t… Salz, Rich
- Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
- Re: [TLS] Genart last call review of draft-ietf-t… Salz, Rich
- Re: [TLS] Genart last call review of draft-ietf-t… Dale R. Worley
- Re: [TLS] Genart last call review of draft-ietf-t… Viktor Dukhovni
- Re: [TLS] Genart last call review of draft-ietf-t… Salz, Rich
- Re: [TLS] Genart last call review of draft-ietf-t… Stan Kalisch
- Re: [TLS] Genart last call review of draft-ietf-t… Ion Larranaga Azcue
- Re: [TLS] Genart last call review of draft-ietf-t… Viktor Dukhovni
- Re: [TLS] Genart last call review of draft-ietf-t… Stan Kalisch
- Re: [TLS] Genart last call review of draft-ietf-t… Eric Rescorla
- Re: [TLS] Genart last call review of draft-ietf-t… Viktor Dukhovni
- Re: [TLS] Genart last call review of draft-ietf-t… Salz, Rich
- Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
- Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
- Re: [TLS] Genart last call review of draft-ietf-t… Ion Larranaga Azcue
- Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
- Re: [TLS] Genart last call review of draft-ietf-t… Ion Larranaga Azcue
- Re: [TLS] Genart last call review of draft-ietf-t… Stan Kalisch