IETF Logo Mail Archive

Re: [TLS] Should we require implementations to send alerts?

Eric Rescorla <ekr@rtfm.com> Sat, 12 September 2015 21:27 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17B441B3968 for <tls@ietfa.amsl.com>; Sat, 12 Sep 2015 14:27:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7pPqV-j0z-7o for <tls@ietfa.amsl.com>; Sat, 12 Sep 2015 14:27:10 -0700 (PDT)
Received: from mail-wi0-f171.google.com (mail-wi0-f171.google.com [209.85.212.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 939DE1B3874 for <tls@ietf.org>; Sat, 12 Sep 2015 14:27:08 -0700 (PDT)
Received: by wiclk2 with SMTP id lk2so92224948wic.1 for <tls@ietf.org>; Sat, 12 Sep 2015 14:27:07 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=Brn5OgFM5QHleczMqIlVzI4SFQc0bk63LwY0cDlLA90=; b=O0g2yUX2OIiK+oU7ora2f60/L6BjqyQW6J/3ZU2Y76dpmGN/+efIS3uCUrzoxxOAUZ CiKfIoY+Ir6qogjqVvtf+8ARk8PzPaDg3aNZkD6qS9LX53Ry43oyyE/qvZYbZ69cb/Bu YMSSU0GjwxJeJm4lerR62Sph9RMdG3J8XmrnW1h/tlKlW1njGDWHbdLEcjCJB6L4/XhF Ekkg5dfEGcv0sWpPsi4bFtgi0HMWJua69Gr/qMZ2sJykpRlvjjJ/Txll+b42aTSTEyb5 B59Lm9W2yQEtll8HxEvebb3mYfDKOOzrO6OTX9FC2v3a4E7u+rbPpitpVBeQRonC5vrP ibGA==
X-Gm-Message-State: ALoCoQml4oec6y5jCcAkENfHx5Xtip8cGZu7zXl7dgv0zUw95QqUHt7wC7coSSUIAU7GZtJduxHQ
X-Received: by 10.194.48.81 with SMTP id j17mr10880993wjn.81.1442093227212; Sat, 12 Sep 2015 14:27:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.79.200 with HTTP; Sat, 12 Sep 2015 14:26:27 -0700 (PDT)
In-Reply-To: <CABkgnnU-RkqGU=29-4UApmAoWG5D8-nn+X-VyheSjkd+oA+CAQ@mail.gmail.com>
References: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com> <CABkgnnU-RkqGU=29-4UApmAoWG5D8-nn+X-VyheSjkd+oA+CAQ@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 12 Sep 2015 14:26:27 -0700
Message-ID: <CABcZeBO11ApeodOyWPS2dzk0Lp3qEzUKn+q-PpgV+Z=B13KmdA@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="047d7b86c1908a9812051f937e8e"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/gEa0ngQPFdnAfq9Xj5F6msE33WY>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Should we require implementations to send alerts?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Sep 2015 21:27:12 -0000

On Sat, Sep 12, 2015 at 2:13 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 12 September 2015 at 13:49, Eric Rescorla <ekr@rtfm.com> wrote:
> > "Nobody must ever be required to send an alert. Any requirement for
> sending
> > an alert should be SHOULD, at most."
>
> This was a point of debate for HTTP/2 as well.  The conclusion there
> was that you had to be prepared to have the connection disappear
> without warning for various reasons, so requiring that an error be
> sent was silly.
>
> After all, what are you going to do when the connection drops without
> a GOAWAY?  Drop the connection?
>
> That only applies to fatal alerts of course, but I don't see a lot of
> use of the warning level, in fact, they might be a bad thing to
> support (but that's a separate subject).  My suggestion is that we
> require that endpoints treat certain errors as fatal and maybe suggest
> a particular alert.  However, also note that they MAY drop the
> connection without sending the alert OR that even if they do send the
> alert, it might get lost.
>

It seems like there are the following options:

1. Require termination and say nothing else
2. Require termination and suggest an alert.
3. Require termination and say that if you send an alert it must be X.
4. Require termination and say that you must send alert X.


As you say, implementations can always terminate without sending
alerts, however (at least in TLS 1.2) alerts served three purposes:

1. A secure indication of close (and for orderly close in the case
of close_notify).
2. Session cache invalidation.
3. An indication to the other side of what went wrong.

At least in the third cases, even if implementations can in principle
close without sending alerts, they still serve a function and one might
argue that that's a reason to encourage/require them.

-Ekr

v2.23.0 | Report a Bug | By Email