IETF Logo Mail Archive

Re: [TLS] Should we require implementations to send alerts?

Nico Williams <nico@cryptonector.com> Thu, 17 September 2015 22:00 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1CC21A87E9 for <tls@ietfa.amsl.com>; Thu, 17 Sep 2015 15:00:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.366
X-Spam-Level:
X-Spam-Status: No, score=-2.366 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HnBzsk53Mm4W for <tls@ietfa.amsl.com>; Thu, 17 Sep 2015 15:00:57 -0700 (PDT)
Received: from homiemail-a34.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 686E11A87E2 for <tls@ietf.org>; Thu, 17 Sep 2015 15:00:57 -0700 (PDT)
Received: from homiemail-a34.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a34.g.dreamhost.com (Postfix) with ESMTP id 2C11D10060; Thu, 17 Sep 2015 15:00:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=5BXIYtpeuOYbzo zLqzush4J9n/M=; b=RUdkwKdXq0qHSOHpbyIXjNn1p7Un8Zrl8mlWQIYdFu4adx Ks68TF4r4+GtwWr6YTb/dp5aC8fzkdCcnm95J6H5xh/QiXCMGpkppLjY0OYOtiHv Agin24wkCH5DbN0RTkeLofgehSZgv1AlQzWiDZT02ucMCbwEYYBUtqDOTYWTE=
Received: from localhost (108-207-244-100.lightspeed.austtx.sbcglobal.net [108.207.244.100]) (Authenticated sender: nico@cryptonector.com) by homiemail-a34.g.dreamhost.com (Postfix) with ESMTPA id B96E41005D; Thu, 17 Sep 2015 15:00:56 -0700 (PDT)
Date: Thu, 17 Sep 2015 17:00:55 -0500
From: Nico Williams <nico@cryptonector.com>
To: Eric Rescorla <ekr@rtfm.com>
Message-ID: <20150917220055.GZ13294@localhost>
References: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/UGFEtrT7nXsE9T6DjhWvw2_Z0BE>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Should we require implementations to send alerts?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2015 22:00:58 -0000

On Sat, Sep 12, 2015 at 01:49:49PM -0700, Eric Rescorla wrote:
> Issue: https://github.com/tlswg/tls13-spec/issues/242
> 
> In https://github.com/tlswg/tls13-spec/pull/231, Brian Smith argues:
> 
> "Nobody must ever be *required* to send an alert. Any requirement for
> sending an alert should be SHOULD, at most."

There have been two main lines of argument in this thread, paraphrased:
a) don't send them, they are dangerous, and b) making it even just
likely that fatal alerts reach the peer is hard, therefore why bother.

I believe (a) is flawed and wrong.  Fatal alerts are not the cause of
version fallback reconnects, and they should not be a problem with any
of the ciphersuites in 1.3.

I believe (b) is no reason not to send the fatal alerts.  It is reason
to have text about how an implementation that cares can improve the
likelihood of the peer receiving them.

Yes, fatal alerts should be required to be sent.  Servers should be
encouraged to improve the chances of the alerts being received by
clients by attempting to delay close the connection.  (A simple timer is
not enough; a hard limit on the number of pending-close connections is
desirable.  IMO.)

Nico
--

v2.23.0 | Report a Bug | By Email