Re: [TLS] Should we require implementations to send alerts?
Martin Thomson <martin.thomson@gmail.com> Thu, 17 September 2015 21:58 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B46BC1A87EF for <tls@ietfa.amsl.com>; Thu, 17 Sep 2015 14:58:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uLU99p5bzR2f for <tls@ietfa.amsl.com>; Thu, 17 Sep 2015 14:58:44 -0700 (PDT)
Received: from mail-yk0-x234.google.com (mail-yk0-x234.google.com [IPv6:2607:f8b0:4002:c07::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8AD2C1A87E2 for <tls@ietf.org>; Thu, 17 Sep 2015 14:58:44 -0700 (PDT)
Received: by ykdu9 with SMTP id u9so30439024ykd.2 for <tls@ietf.org>; Thu, 17 Sep 2015 14:58:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Y6NNHc1vJPCO3HPJtlH0noPga2ktuurhifcnP2NeqlA=; b=qeWxlJk0TPZLwkZobC+ML2KD4nydorpXmgi7LfV483Re6gjIJMgePZhSjVuNLNuahH +WLoNFUln/OZnvdujX/QxbgafV9BNzYCrzHIrgwE2ZciJmFSbAY4uQNBy1mso4tyAIjF QP66jgAWxbx06t3oFUa1sDT6P6/HMcYslW1toTD+QPHRfFgXeL0h3ix4tOhgKqDNIJBp e+VY2bx4ruYb2bj96F5niOpC4P2JSUjXJQL72DKTzXDCoPJSemWtXmKkl7V3sNXlDFZY KBn0B70fOcErRdQjsO20eAUvaYMH/o4LpKmWAV/40W9kkU4s8TLgAYoi+HrQKBkS4TP1 Bgdg==
MIME-Version: 1.0
X-Received: by 10.129.145.214 with SMTP id i205mr1781215ywg.64.1442527123836; Thu, 17 Sep 2015 14:58:43 -0700 (PDT)
Received: by 10.129.133.130 with HTTP; Thu, 17 Sep 2015 14:58:43 -0700 (PDT)
In-Reply-To: <CAFewVt4ayyOfzQBgAkSEu7R+x+0PjHbxCWd400fSLrzoQYsTAA@mail.gmail.com>
References: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com> <CAFewVt6JAY20iXGZhufFRHSUrs5kVzP_CO2VmR5c1vaM-D_KZQ@mail.gmail.com> <20150917205004.GW13294@localhost> <CAFewVt4ayyOfzQBgAkSEu7R+x+0PjHbxCWd400fSLrzoQYsTAA@mail.gmail.com>
Date: Thu, 17 Sep 2015 14:58:43 -0700
Message-ID: <CABkgnnVjQ3yqvJeuCAfL0Fx6BR0xAWhf1eKmVWXWY2nkRwfLGg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Brian Smith <brian@briansmith.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/h3yRJkbBMWjZQxLqIuO2RdkZB_I>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Should we require implementations to send alerts?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2015 21:58:45 -0000
On 17 September 2015 at 14:46, Brian Smith <brian@briansmith.org> wrote: > Browser vendors, if web servers were to stop sending alerts during handshake > failures, would you start doing version fallback when a connection is > closed? I'm not sure. We still have a small amount of vestigal fallback code in our code. We are gradually killing version fallback off and removing alerts would likely set that effort back. We're not sure where we stand with version fallback and 1.3. We don't know how much version intolerance 1.3 will generate. That at least might not depend on alerts, though we don't know just yet. I don't see much support for the notion that forbidding alerts is a good idea. We use alerts quite a bit for basic diagnosis. Bad configurations are pretty commonplace, the most common being one where there is no common cipher suite. Being able to isolate the error that is pretty useful.
- [TLS] Should we require implementations to send a… Eric Rescorla
- Re: [TLS] Should we require implementations to se… Martin Thomson
- Re: [TLS] Should we require implementations to se… Eric Rescorla
- Re: [TLS] Should we require implementations to se… Geoffrey Keating
- Re: [TLS] Should we require implementations to se… Martin Thomson
- Re: [TLS] Should we require implementations to se… Salz, Rich
- Re: [TLS] Should we require implementations to se… Viktor Dukhovni
- Re: [TLS] Should we require implementations to se… Eric Rescorla
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Andrei Popov
- Re: [TLS] Should we require implementations to se… Hanno Böck
- Re: [TLS] Should we require implementations to se… Florian Weimer
- Re: [TLS] Should we require implementations to se… Salz, Rich
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Florian Weimer
- Re: [TLS] Should we require implementations to se… Henrik Grubbström
- Re: [TLS] Should we require implementations to se… Florian Weimer
- Re: [TLS] Should we require implementations to se… Salz, Rich
- Re: [TLS] Should we require implementations to se… Viktor Dukhovni
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Jim Schaad
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Florian Weimer
- Re: [TLS] Should we require implementations to se… Hubert Kario
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Martin Thomson
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Nico Williams
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… David Benjamin
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Martin Rex
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… David Benjamin
- Re: [TLS] Should we require implementations to se… Hubert Kario
- Re: [TLS] Should we require implementations to se… Hubert Kario
- Re: [TLS] Should we require implementations to se… Brian Smith
- Re: [TLS] Should we require implementations to se… Benjamin Kaduk
- Re: [TLS] Should we require implementations to se… Tony Arcieri
- Re: [TLS] Should we require implementations to se… Dave Garrett
- Re: [TLS] Should we require implementations to se… Bill Frantz
- Re: [TLS] Should we require implementations to se… Kurt Roeckx
- Re: [TLS] Should we require implementations to se… Kurt Roeckx
- Re: [TLS] Should we require implementations to se… Viktor Dukhovni
- Re: [TLS] Should we require implementations to se… Hubert Kario
- Re: [TLS] Should we require implementations to se… Hubert Kario