IETF Logo Mail Archive

Re: [TLS] Should we require implementations to send alerts?

Hubert Kario <hkario@redhat.com> Fri, 18 September 2015 11:27 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C5801B2B13 for <tls@ietfa.amsl.com>; Fri, 18 Sep 2015 04:27:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PPDXODu-Wp_R for <tls@ietfa.amsl.com>; Fri, 18 Sep 2015 04:27:49 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AC3D1B2B11 for <tls@ietf.org>; Fri, 18 Sep 2015 04:27:49 -0700 (PDT)
Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (Postfix) with ESMTPS id CBAE591DAC; Fri, 18 Sep 2015 11:27:48 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (dhcp-0-251.brq.redhat.com [10.34.0.251]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t8IBRlVU021464 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Fri, 18 Sep 2015 07:27:48 -0400
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Fri, 18 Sep 2015 13:27:41 +0200
Message-ID: <1876740.7Yi6OiEkPo@pintsize.usersys.redhat.com>
User-Agent: KMail/4.14.9 (Linux/4.1.6-201.fc22.x86_64; KDE/4.14.9; x86_64; ; )
In-Reply-To: <CAFewVt5CtVkgoA6Ls8_yd2f5b3TOONStGXHyCs8jxHap1qWPKg@mail.gmail.com>
References: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com> <CABkgnnVjQ3yqvJeuCAfL0Fx6BR0xAWhf1eKmVWXWY2nkRwfLGg@mail.gmail.com> <CAFewVt5CtVkgoA6Ls8_yd2f5b3TOONStGXHyCs8jxHap1qWPKg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1513816.tgyW5PJxh4"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/LiygYWjsgl5SF66LnOwvqGm5T-c>
Subject: Re: [TLS] Should we require implementations to send alerts?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Sep 2015 11:27:50 -0000

On Thursday 17 September 2015 15:30:12 Brian Smith wrote:
> Martin Thomson <martin.thomson@gmail.com> wrote:
> > We're not sure where we stand with version fallback and 1.3.  We
> > don't
> > know how much version intolerance 1.3 will generate.
> > That at least
> > might not depend on alerts, though we don't know just yet.
> 
> A conformant TLS 1.3 implementation cannot be version intolerant. If
> it were version intolerant then it would not be a conformant TLS 1.3
> implementation. So, conformance requirements for TLS .1.3 servers
> don't matter as far as version intolerance is concerned.

except that a TLS1.3 version intolerant implementation won't show its 
ugly head until TLS1.4 gets deployed

"non conformant" TLS1.2 is in same boat. Just because it can 
interoperate (the *only* thing PHBs care about) doesn't mean it is 
conformant (that's the stuff we care about because that means backwards 
and *forwards* compatibility)

> > I don't see much support for the notion that forbidding alerts is a
> > good idea.  We use alerts quite a bit for basic diagnosis.  Bad
> > configurations are pretty commonplace, the most common being one
> > where there is no common cipher suite.  Being able to isolate the
> > error that is pretty useful.
> 
> I still think it is better to recommend to never send alerts. But, at
> least there are good reasons (which I gave much earlier in the
> thread) for why a server would choose not to send alerts, e.g. out of
> an abundance of caution. So, "MUST send" is clearly too far.

Sorry, but there are no good reasons why not to send them. Not sending 
them may cause interoperability issues in the future, so an 
implementation, if at all possible, should send them. That makes them a 
MUST.
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

v2.23.0 | Report a Bug | By Email