Re: [TLS] Should we require implementations to send alerts?

Brian Smith <brian@briansmith.org> Thu, 17 September 2015 19:27 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Ocuy47_euvdRWFExo3d5_pzlzZY>

Hubert Kario <hkario@redhat.com> wrote:

> On Wednesday 16 September 2015 12:53:53 Brian Smith wrote:
> > Thus, the empirical evidence from Mozilla's
> > widely-deployed implementation shows that (a) the requirement to send
> > alerts is difficult to conform to, and (b) it is unimportant in
> > practice to send alerts.
>
> and yet Firefox depends on them to report human-readable errors to users
> when it can't connect to a server...
>

In what situation will a conformant implementation send Firefox an alert?
Firefox is conformant (AFAICT) and in particular Firefox implements the
mandatory-to-implement cipher suite. Therefore no conformant implementation
should be sending Firefox an alert other than close_notify.

(We should focus on conformant implementations because non-conformant
implementations can do whatever they want, by definition).


> Making the alerts more predictable and with more pinned down meanings
> will only _help_ the opportunistic HTTPS and HTTPS-by-default campaigns.
>

I've not seen any evidence that that is true. I have seen evidence in
Firefox and other implementations that detailed alert information was
harmful for security, and I shared a summary of that evidence in my early
message. Also, instances of such harm are documented within the TLS RFCs
themselves.


> yes, we need to be careful about alerts that provide information about
> secret data, but there's very little of such data during handshaking,
> where the vast majority of alerts apply and where they are most useful
>

It's not clear that there is "little of such data" especially when you
consider that more of the handshake is encrypted in TLS 1.3 and when you
consider that an application may not process unencrypted data as soon as it
has been received.

Cheers,
Brian
-- 
https://briansmith.org/