IETF Logo Mail Archive

Re: [TLS] Should we require implementations to send alerts?

Dave Garrett <davemgarrett@gmail.com> Thu, 17 September 2015 21:57 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F6B71A87BD for <tls@ietfa.amsl.com>; Thu, 17 Sep 2015 14:57:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GT3PvyAuvp75 for <tls@ietfa.amsl.com>; Thu, 17 Sep 2015 14:57:28 -0700 (PDT)
Received: from mail-qk0-x236.google.com (mail-qk0-x236.google.com [IPv6:2607:f8b0:400d:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EA061A8791 for <tls@ietf.org>; Thu, 17 Sep 2015 14:57:28 -0700 (PDT)
Received: by qkfq186 with SMTP id q186so12576624qkf.1 for <tls@ietf.org>; Thu, 17 Sep 2015 14:57:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=v6iF+8+ptkUVQtDYOQgRLbdOfiGubx6AqL4yxD7Od/0=; b=ZgWAicVWBhTN5w7EcTXxjzEnD+6NgW0yMx+YugLqfe7WC06fcjPfUL/B15RPwQ8z63 8bsvHG6jZYe1HqrhN9OMYS8iwP+hiBJfpTac9cNYqkT+IKaaXpzD8IhxERtB/eaqm/rs Xcg3mYrUj7oyc1KiggYhnB7y7MELlR+N6tgUo4w0Nns9Uz/9jc4Fi9WL2iutuMmYokF6 jvvbe/2zQeznVqGyCWbmcsB+Rf6vlWfAESuhtqjFO2GJ5IPyUeIZ5hEpAe/lEvLG1YPJ R/P5a5u4dW8aKPshs/tL8UqJ3CaIFwT1R0ap+ZTDHcSETtmYIShaeGHj4JDZOvGSD/aM pEVg==
X-Received: by 10.55.197.139 with SMTP id k11mr2627840qkl.11.1442527047650; Thu, 17 Sep 2015 14:57:27 -0700 (PDT)
Received: from dave-laptop.localnet (pool-72-94-152-197.phlapa.fios.verizon.net. [72.94.152.197]) by smtp.gmail.com with ESMTPSA id d60sm2171378qga.30.2015.09.17.14.57.27 (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 17 Sep 2015 14:57:27 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Thu, 17 Sep 2015 17:57:25 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com> <20150917205004.GW13294@localhost> <CAFewVt4ayyOfzQBgAkSEu7R+x+0PjHbxCWd400fSLrzoQYsTAA@mail.gmail.com>
In-Reply-To: <CAFewVt4ayyOfzQBgAkSEu7R+x+0PjHbxCWd400fSLrzoQYsTAA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <201509171757.25767.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/TrzfksNTivAkTyJyivRJp74wtfQ>
Subject: Re: [TLS] Should we require implementations to send alerts?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2015 21:57:30 -0000

On Thursday, September 17, 2015 05:46:39 pm Brian Smith wrote:
> Let's ask the browser vendors:
> 
> Browser vendors, if web servers were to stop sending alerts during
> handshake failures, would you start doing version fallback when a
> connection is closed?

Well, what else would clients do instead? The answer is an unambiguous yes. There's no way to tell a microwave oven killing the WiFi and a legitimate handshake failure apart if no information is sent back. Implementors will always assume it's possible to retry, and we know from history that this will involve an unsafe fallback dance.

> > I'd rather keep them than remove them, but I'd be OK with clients never
> > sending them.  I'm OK with fata alerts being SHOULD send.
> 
> I suggest that, at most, implementations SHOULD NOT send them. IMO it would
> be better to remove the alert mechanism altogether in TLS 1.3.
> 
> Most people that are arguing for retaining the alert requirements seem to
> be concerned about alerts sent from the server to the client. Does anybody
> think it is important to require clients to ever send alerts other than
> close_notify?

There's also user_canceled and cert errors when doing client authentication.

The idea of restricting what alerts clients, specifically, should send is not necessarily something I'd object to, though I don't think it's useful.


Dave

v2.23.0 | Report a Bug | By Email