Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24] (Dale R. Worley) Fri, 06 April 2018 02:25 UTC

To: Eric Rescorla <>
Date: Thu, 05 Apr 2018 22:25:45 -0400
Subject: Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

Eric Rescorla <> writes:
> I guess there might be some intermediate category 1.5 that's kind of in
> production so you don't want to print out complete logs, but you'd like
> more detail than you would probably want to expose in general, but my
> experience is that that's not super-common.

My expectation is that the useful case is when there *aren't* any logs,
or what logging is done does not tell the specific reasons that
particular interactions were rejected.  That's pretty common in SIP

Of course, anything like this would be an extension.  But would it be
reasonable for one endpoint to present a "debug password" in its request
which, if it matched the debug password set in the other endpoint, would
cause the other endpoint to provide fuller error information?  That
would allow a "debug window" that could be exploited only between
endpoints that had some sort of administrative coordination.
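
A sketch of the "debug password" check proposed in the message above, added here as an example; it is not part of the original message or of any TLS specification. The names `Rejection`, `ErrorReply`, `debug_window_open` and `build_error_reply` are hypothetical, the way the password would be carried on the wire is not modeled, and collapsing the normal reply to `handshake_failure` is an assumption.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Alert description values from RFC 8446.
HANDSHAKE_FAILURE = 40
CERTIFICATE_EXPIRED = 45


@dataclass(frozen=True)
class Rejection:
    """Internal view: why the local endpoint refused the interaction."""
    alert: int   # precise alert code
    detail: str  # operator-level explanation


@dataclass(frozen=True)
class ErrorReply:
    """What is actually returned to the peer."""
    alert: int
    detail: Optional[str] = None


def debug_window_open(configured: Optional[bytes],
                      presented: Optional[bytes]) -> bool:
    """True only if a debug password is set locally and the peer sent the same one."""
    if not configured or not presented:
        # Feature disabled or peer did not ask: never match empty against empty.
        return False
    # Constant-time comparison so reply timing does not leak the password.
    return hmac.compare_digest(configured, presented)


def build_error_reply(rejection: Rejection,
                      configured: Optional[bytes],
                      presented: Optional[bytes]) -> ErrorReply:
    if debug_window_open(configured, presented):
        return ErrorReply(rejection.alert, rejection.detail)
    # Identical generic reply for "no password", "wrong password" and
    # "feature disabled", so a peer cannot probe whether a window exists.
    return ErrorReply(HANDSHAKE_FAILURE)


# Constructed sample rejection, for illustration only.
SAMPLE = Rejection(CERTIFICATE_EXPIRED, "leaf certificate notAfter is in the past")
```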