Re: [TLS] Should we require implementations to send alerts?

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 16 September 2015 16:57 UTC

Date: Wed, 16 Sep 2015 16:57:06 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150916165706.GZ21942@mournblade.imrryr.org>
References: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com> <55F81AA6.2040107@redhat.com> <20150915162921.GG13294@localhost> <55F93E51.50001@redhat.com>
In-Reply-To: <55F93E51.50001@redhat.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/5l4un8LyvPN4MJ10RyL2MMYIi-g>

On Wed, Sep 16, 2015 at 12:02:57PM +0200, Florian Weimer wrote:

> I'm trying to explain that any requirement to send fatal alerts will be
> difficult to implement.  With the BSD sockets API, the only way to do
> that reliably is *not* to close the socket immediately, which is
> apparently not what you (or existing APIs) expect, and which is where
> the difficulty lies.

This is silly.  The server sends the alert on a best-effort basis.
We cannot impose a magical requirement that the alert gets there.
The requirement is to send, not to guarantee successful transmission.

Sending is easy: just write the alert down the socket (even that
might fail and that's fine).

In practice, if the server is the first to detect an error,
its alert gets to the client.  There's no need to read too much
into this.

-- 
	Viktor.
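The write-and-close path described above, as an added example (my code, not from any message in this thread): a plaintext TLS alert record is encoded by hand, sent once with any error ignored, and the socket closed; the roundtrip demo uses a local AF_UNIX socket pair, which shows the best-effort write but does not reproduce the TCP reset case Florian has in mind. Function and macro names are mine, and the record version byte (TLS 1.2) is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#ifndef MSG_NOSIGNAL
#define MSG_NOSIGNAL 0 /* platform without it: SIGPIPE must be handled elsewhere */
#endif
#define TLS_CONTENT_ALERT 21
#define TLS_ALERT_FATAL 2
#define TLS_ALERT_HANDSHAKE_FAILURE 40
#define TLS_ALERT_RECORD_LEN 7

/* Plaintext alert record: type(1) version(2) length(2) level(1) description(1); usable before encryption starts. */
size_t tls_alert_record(uint8_t out[TLS_ALERT_RECORD_LEN], uint8_t level, uint8_t desc)
{
    out[0] = TLS_CONTENT_ALERT;
    out[1] = 3; out[2] = 3; /* record version 3.3 (TLS 1.2), assumed for this example */
    out[3] = 0; out[4] = 2; /* an alert body is always two bytes */
    out[5] = level;
    out[6] = desc;
    return TLS_ALERT_RECORD_LEN;
}

/* One send() call; EPIPE, ECONNRESET, EAGAIN or a bad fd are all ignored: the alert is best-effort.
 * Returns bytes written, 0 if nothing went out. */
ssize_t send_alert_best_effort(int fd, uint8_t level, uint8_t desc)
{
    uint8_t rec[TLS_ALERT_RECORD_LEN];
    size_t n = tls_alert_record(rec, level, desc);
    ssize_t w = send(fd, rec, n, MSG_NOSIGNAL);
    return w < 0 ? 0 : w;
}

/* Write-then-close on a local AF_UNIX pair: the "server" end closes right after the send,
 * the "client" end still reads the whole record. Returns bytes read, -1 on setup failure. */
int alert_roundtrip_demo(void)
{
    int sv[2]; ssize_t got = 0, r;
    uint8_t buf[TLS_ALERT_RECORD_LEN];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    send_alert_best_effort(sv[0], TLS_ALERT_FATAL, TLS_ALERT_HANDSHAKE_FAILURE);
    close(sv[0]); /* no waiting for the peer, as the thread describes */
    while (got < TLS_ALERT_RECORD_LEN && (r = read(sv[1], buf + got, TLS_ALERT_RECORD_LEN - got)) > 0)
        got += r;
    close(sv[1]);
    /* -2 signals that bytes arrived but were not the expected alert record */
    return (got == TLS_ALERT_RECORD_LEN && buf[0] == TLS_CONTENT_ALERT) ? (int)got : -2;
}
```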