Re: [TLS] Should we require implementations to send alerts?

Nico Williams <nico@cryptonector.com> Wed, 16 September 2015 19:23 UTC

Date: Wed, 16 Sep 2015 14:23:40 -0500
From: Nico Williams <nico@cryptonector.com>
To: Florian Weimer <fweimer@redhat.com>
Message-ID: <20150916192338.GK13294@localhost>
References: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com> <55F81AA6.2040107@redhat.com> <20150915162921.GG13294@localhost> <55F93E51.50001@redhat.com>
In-Reply-To: <55F93E51.50001@redhat.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/IIXyqQ-C0nP5-7VT90y-wSxKX3g>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Should we require implementations to send alerts?

On Wed, Sep 16, 2015 at 12:02:57PM +0200, Florian Weimer wrote:
> On 09/15/2015 06:29 PM, Nico Williams wrote:
> > But if you have a fatal error you'll be closing immediately anyways.
> 
> I'm trying to explain that any requirement to send fatal alerts will be
> difficult to implement.  With the BSD sockets API, the only way to do
> that reliably is *not* to close the socket immediately, which is
> apparently not what you (or existing APIs) expect, and which is where
> the difficulty lies.

*Sending* the fatal alert is not hard at all.  Giving the peer a fair
chance to get them is the difficult thing.  Strictly speaking then,
requiring that fatal alerts be sent is not difficult to implement.  :^)

Tongue-in-cheek aside, I think it's fair to say that fatal alerts SHOULD
be sent rather than MUST be sent.  And it's a good idea to explain that
sending a fatal alert, by itself, does not really mean that the peer is
even more likely than not to see it, and that more effort is required by
the sender to give the peer a fair chance of seeing it.

Fatal alerts are useful for diagnostic purposes at least, but there's
no real need to tell a peer why you're slamming the door on them, is
there?

Nico
--
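An added illustration of the point made in this exchange (my own example, not code from the thread): the alert itself is a single write, and the "extra effort" is a half-close followed by a bounded drain before close(), so the kernel sends FIN rather than RST and the peer gets a fair chance to read the alert. Function names, the loopback helper and the plaintext record (as for an alert sent before keys are established) are my assumptions.

```c
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#ifndef MSG_NOSIGNAL
#define MSG_NOSIGNAL 0   /* portability shim: avoid SIGPIPE where supported */
#endif

/* TLS alert record: ContentType alert(21), version 3.3, length 2,
 * AlertLevel fatal(2), AlertDescription. Plaintext form (pre-key alert). */
static size_t build_fatal_alert(unsigned char desc, unsigned char out[7]) {
    const unsigned char rec[7] = { 21, 0x03, 0x03, 0x00, 0x02, 2, desc };
    memcpy(out, rec, 7);
    return 7;
}

/* Send the alert, then give the peer a fair chance to see it: half-close
 * our sending side (FIN), drain anything the peer still sends until it
 * closes or timeout_ms expires, and only then close(). A close() with
 * unread data in our receive buffer would instead emit RST, and the peer
 * may discard the alert before its application reads it.
 * Returns 1 if the peer's FIN arrived, 0 on timeout, -1 on error. */
int send_fatal_alert_then_drain(int fd, unsigned char desc, int timeout_ms) {
    unsigned char rec[7], junk[512];
    size_t n = build_fatal_alert(desc, rec);
    if (send(fd, rec, n, MSG_NOSIGNAL) != (ssize_t)n) { close(fd); return -1; }
    shutdown(fd, SHUT_WR);                       /* FIN, not RST */
    struct pollfd p = { .fd = fd, .events = POLLIN };
    for (;;) {
        int r = poll(&p, 1, timeout_ms);
        if (r <= 0) { close(fd); return r == 0 ? 0 : -1; }
        ssize_t got = read(fd, junk, sizeof junk);  /* discard, keep buffer empty */
        if (got == 0) { close(fd); return 1; }      /* peer closed too */
        if (got < 0) { close(fd); return -1; }
    }
}

/* Loopback TCP pair so the behaviour can be exercised in-process (demo aid). */
int loopback_pair(int *a, int *b) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = 0 };
    socklen_t len = sizeof sa;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0 || bind(ls, (struct sockaddr *)&sa, len) || listen(ls, 1)) return -1;
    if (getsockname(ls, (struct sockaddr *)&sa, &len)) return -1;
    *a = socket(AF_INET, SOCK_STREAM, 0);
    if (*a < 0 || connect(*a, (struct sockaddr *)&sa, len)) return -1;
    *b = accept(ls, NULL, NULL);
    close(ls);
    return *b < 0 ? -1 : 0;
}
```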