Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert

Martin Rex <> Mon, 07 June 2010 20:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C32C43A6832 for <>; Mon, 7 Jun 2010 13:10:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7.649
X-Spam-Status: No, score=-7.649 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PlIuHTuP7NsR for <>; Mon, 7 Jun 2010 13:10:43 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 275953A6837 for <>; Mon, 7 Jun 2010 13:10:33 -0700 (PDT)
Received: from by (26) with ESMTP id o57KAQLk018548 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 7 Jun 2010 22:10:31 +0200 (MEST)
From: Martin Rex <>
Message-Id: <>
To: (Marsh Ray)
Date: Mon, 7 Jun 2010 22:10:25 +0200 (MEST)
In-Reply-To: <> from "Marsh Ray" at Jun 4, 10 12:14:44 pm
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal06
X-SAP: out
Subject: Re: [TLS] RFC-4366-bis and the unrecognized_name(112) alert
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 07 Jun 2010 20:10:45 -0000

Marsh Ray wrote:
> On 6/4/2010 11:47 AM, Martin Rex wrote:
> >
> > But defining only the situation when one peer can send a particular
> > warning level alert is entirely insufficient.  The definition of
> > a warning-level alert _MUST_ describe how the receiving peer is
> > supposed to react to this.
> I don't agree with such an absolute statement.
> Sometimes the only use of a protocol message is to provide information
> to a software developer who wrote the code so he has some clues to go on
> when the bug report with the protocol trace lands in his inbox.

We are discussing a network protocol here, and there we need a
_MUST_ define the semantics of a protocol signal for both, the sender
and the receipient.  Everything else is going to be an interoperability
problem (as observed by Yngve), or at least useless protocol complexity.

> Although it is good to try to avoid it, the vast majority of nontrivial
> systems have failure modes that were not anticipated during development
> and testing. As a developer, I really value the ability to issue some
> opaque internal error code message into some log file. Somehow the
> system got into a state that I didn't expect it could, if I could have
> described how the system should react, I would have coded it that way.
> A strict policy like "all warnings must X" just leads to the warning
> message facility being unusable for cases where X is too difficult.

This description oversimplifies the whole issue.

If there are protocol elements that convey information between to
communication peers, then the semantics of that piece of information
must be well-defined for both, sender and receipient.  Some of the
conveyed information affects the communication protocol itself,
other information is conveyed for consumption by the calling
application, not for the protocol engine itself -- such as a
warning-level alert "unrecognized_name".

It makes perfect sense to require this information be made available
_by_the_recipient_TLS_implementation_ to the receipient calling
application _somehow_ (details unspecified).  A calling application
that does care about this non-fatal information will have to retrieve it.
The calling app may decide to abort the fully established TLS session and
retry with different parameters later on.  But the TLS (client)
implementation receiving a warning-level "unrecognized_name"
alert SHOULD ignore this alert and continue the TLS handshake.
There is nothing that the receiving TLS implementation itself can do
about this warning-level alert.

Aborting on an unexpected (or even unknown warning-level TLS alert)
appears to be generally a bad idea, because it creates unnecessary
interop problems.  The IETF golden rule for protocol applies here
"be liberal in what you accept".  TLS protocol engines that
unconditionally fail when receiving unknown or unexpected
warning-level alerts (excluding those warning-level alerts that
have a well-defined protocol-engine semantic, such as close_notify)
exhibit a significant lack of robustness.