[TLS] Deprecating alert levels

Kyle Nekritz <knekritz@fb.com> Fri, 14 October 2016 21:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/J0nkDHftUzLNNWXTZp-oxlODIlA>

After PR #625 all alerts are required to be sent with fatal AlertLevel except for close_notify, end_of_early_data, and user_canceled. Since those three alerts all have separate specified behavior, the AlertLevel field is not serving much purpose, other than providing potential for misuse. We (Facebook) currently receive a number of alerts at incorrect levels from clients (internal_error warning alerts, etc.). I propose deprecating this field to simplify implementations and require that any misuse be ignored.

PR: https://github.com/tlswg/tls13-spec/pull/693

Kyle
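
An added example, not part of the original message or of PR #693: a receiver that takes its behavior from the alert description alone, ignores the AlertLevel byte, and counts alerts sent at an incorrect level. The code points follow the TLS 1.3 drafts of that period (end_of_early_data = 1 is an assumption from those drafts); the function names, the sample alerts, and treating unknown descriptions as errors are also assumptions of this sketch.

```python
from collections import Counter

WARNING, FATAL = 1, 2  # AlertLevel values

# Alert descriptions relevant to the message, plus a few common error alerts.
# Assumption: end_of_early_data = 1, as in the TLS 1.3 drafts of late 2016.
DESCRIPTIONS = {
    0: "close_notify",
    1: "end_of_early_data",
    10: "unexpected_message",
    20: "bad_record_mac",
    40: "handshake_failure",
    50: "decode_error",
    80: "internal_error",
    90: "user_canceled",
}

# The three alerts with their own specified behavior (not required to be fatal).
SPECIAL = {"close_notify", "end_of_early_data", "user_canceled"}


def classify_alert(body: bytes) -> dict:
    """Classify a 2-byte alert (level, description) by description only."""
    if len(body) != 2:
        raise ValueError("alert body must be exactly 2 bytes")
    level, code = body
    name = DESCRIPTIONS.get(code, f"unknown({code})")
    # Assumption: anything outside the three special alerts, including an
    # unknown description, is handled as an error whatever level was sent.
    is_error = name not in SPECIAL
    return {
        "description": name,
        "is_error": is_error,
        # Misuse: an alert that must be fatal arrived with another level.
        "level_misuse": is_error and level != FATAL,
    }


def count_misuse(alerts) -> Counter:
    """Tally descriptions that arrived at an incorrect level."""
    results = (classify_alert(a) for a in alerts)
    return Counter(r["description"] for r in results if r["level_misuse"])


# Constructed sample alert bodies (level byte, description byte).
SAMPLES = [b"\x01\x50", b"\x02\x28", b"\x01\x00", b"\x02\x5a", b"\x01\x14", b"\x01\x50"]

if __name__ == "__main__":
    print(count_misuse(SAMPLES))
```
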