Re: [TLS] Should we require implementations to send alerts?
Brian Smith <brian@briansmith.org> Thu, 17 September 2015 19:27 UTC
Return-Path: <brian@briansmith.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FA5B1A895D for <tls@ietfa.amsl.com>; Thu, 17 Sep 2015 12:27:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CbQEaFJXYCvT for <tls@ietfa.amsl.com>; Thu, 17 Sep 2015 12:27:11 -0700 (PDT)
Received: from mail-io0-f174.google.com (mail-io0-f174.google.com [209.85.223.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29B671A895B for <tls@ietf.org>; Thu, 17 Sep 2015 12:27:11 -0700 (PDT)
Received: by iofh134 with SMTP id h134so33583278iof.0 for <tls@ietf.org>; Thu, 17 Sep 2015 12:27:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=IgOzbDDNQIB5++LdSuvCUEGQ27dqhlXQ33E5ZMk9vLI=; b=fRqzTlD8xfEdXwljFl01JYA7z+j/huHOEuI6jw3ToGMF5T/xSvmVGEKLaKA5xUnmBa cta+InPvlQ68oXzY1O/4mRwvhB01ByWTZXYLFUpUKpW6DjWZtt0ZR8Uea+tBYykTHX4S sJb9XhylbXydvHVy8tnhkUz/LeYVm0aLl43sWptIBeCn8Flg7CrrjHIIV59GWyYrhXLt CAZh7X2/QnhP3M18LqIgO7o2rHkhZqKbWkJdJ0hStMTRvlETji0Kr7TYLiuzU5HNLRpB 7O8SI/Cfmk+ZEJxCf1bx0CBkag5Nba6A6v/zZmn5hN2AV17M2dLs9e3e+ZQdlo8ziRc3 650g==
X-Gm-Message-State: ALoCoQmPNBL2KnARvX8OPILECXwYZyeD371xj7AA+9xyFH5Xl6h+DPtC7tafAr9tg1TLu2F8Jzkp
MIME-Version: 1.0
X-Received: by 10.107.18.167 with SMTP id 39mr9863771ios.34.1442518030347; Thu, 17 Sep 2015 12:27:10 -0700 (PDT)
Received: by 10.79.107.204 with HTTP; Thu, 17 Sep 2015 12:27:10 -0700 (PDT)
In-Reply-To: <2561736.y7EIFaQIvx@pintsize.usersys.redhat.com>
References: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com> <CAFewVt6JAY20iXGZhufFRHSUrs5kVzP_CO2VmR5c1vaM-D_KZQ@mail.gmail.com> <2561736.y7EIFaQIvx@pintsize.usersys.redhat.com>
Date: Thu, 17 Sep 2015 12:27:10 -0700
Message-ID: <CAFewVt5sWrRMn0+dcVk6jiCKKB5OGH5JouyXLGo3SkhX=zpMMA@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: Hubert Kario <hkario@redhat.com>
Content-Type: multipart/alternative; boundary="001a113f2de8c81df8051ff6665d"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Ocuy47_euvdRWFExo3d5_pzlzZY>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Should we require implementations to send alerts?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2015 19:27:13 -0000
Hubert Kario <hkario@redhat.com> wrote: > On Wednesday 16 September 2015 12:53:53 Brian Smith wrote: > > Thus, the empirical evidence from Mozilla's > > widely-deployed implementation shows that (a) the requirement to send > > alerts is difficult to conform to, and (b) it is unimportant in > > practice to send alerts. > > and yet Firefox depends on them to report human-readable errors to users > when it can't connect to a server... > In what situation will a conformant implementation send Firefox an alert? Firefox is conformant (AFAICT) and in particular Firefox implements the mandatory-to-implement cipher suite. Therefore no conformant implementation should be sending Firefox an alert other than close_notify. (We should focus on conformant implementations because non-conformant implementations can do whatever they want, by definition). > Making the alerts more predictable and with more pinned down meanings > will only _help_ the opportunistic HTTPS and HTTPS-by-default campaigns. > I've not seen any evidence that that is true. I have seen evidence in Firefox and other implementations that detailed alert information was harmful for security, and I shared a summary of that evidence in my early message. Also, instances of such harm are documented within the TLS RFCs themselves. > yes, we need to be careful about alerts that provide information about > secret data, but there's very little of such data during handshaking, > where the vast majority of alerts apply and where they are most useful > It's not clear that there is "little of such data" especially when you consider that more of the handshake is encrypted in TLS 1.3 and when you consider that an application may not process unencrypted data as soon as it has been received. Cheers, Brian -- https://briansmith.org/
- [TLS] Should we require implementations to send a… Eric Rescorla
- Re: [TLS] Should we require implementations to se… Martin Thomson
- Re: [TLS] Should we require implementations to se… Eric Rescorla
- Re: [TLS] Should we require implementations to se… Geoffrey Keating
- Re: [TLS] Should we require implementations to se… Martin Thomson
- Re: [TLS] Should we require implementations to se… Salz, Rich
- Re: [TLS] Should we require implementations to se… Viktor Dukhovni
- Re: [TLS] Should we require implementations to se… Eric Rescorla
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Andrei Popov
- Re: [TLS] Should we require implementations to se… Hanno Böck
- Re: [TLS] Should we require implementations to se… Florian Weimer
- Re: [TLS] Should we require implementations to se… Salz, Rich
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Florian Weimer
- Re: [TLS] Should we require implementations to se… Henrik Grubbström
- Re: [TLS] Should we require implementations to se… Florian Weimer
- Re: [TLS] Should we require implementations to se… Salz, Rich
- Re: [TLS] Should we require implementations to se… Viktor Dukhovni
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Jim Schaad
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Florian Weimer
- Re: [TLS] Should we require implementations to se… Hubert Kario
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Martin Thomson
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… David Benjamin
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Martin Rex
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… David Benjamin
- Re: [TLS] Should we require implementations to se… Hubert Kario
- Re: [TLS] Should we require implementations to se… Hubert Kario
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Benjamin Kaduk
- Re: [TLS] Should we require implementations to se… Tony Arcieri
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Bill Frantz
- Re: [TLS] Should we require implementations to se… Kurt Roeckx
- Re: [TLS] Should we require implementations to se… Kurt Roeckx
- Re: [TLS] Should we require implementations to se… Viktor Dukhovni
- Re: [TLS] Should we require implementations to se… Hubert Kario
- Re: [TLS] Should we require implementations to se… Hubert Kario