Re: [TLS] Should we require implementations to send alerts?

Andrei Popov <Andrei.Popov@microsoft.com> Mon, 14 September 2015 00:29 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Dave Garrett <davemgarrett@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Date: Mon, 14 Sep 2015 00:29:16 +0000
Message-ID: <BLUPR03MB1396AE23B3D5A6E69B9708718C5D0@BLUPR03MB1396.namprd03.prod.outlook.com>
References: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com> <m2wpvv8gra.fsf@localhost.localdomain> <05bbd88756a346a5895b30fedce12974@ustx2ex-dag1mb3.msg.corp.akamai.com> <201509122221.33581.davemgarrett@gmail.com>
In-Reply-To: <201509122221.33581.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/iMz10Pz7gdurd1g3LXZLPAGimf8>
Cc: Geoffrey Keating <geoffk@geoffk.org>
Subject: Re: [TLS] Should we require implementations to send alerts?

I generally agree that sending alerts is the right thing for an implementation to do, for all the reasons discussed on this thread. It is also helpful when RFCs specify the appropriate alerts for various conditions.

On the other hand, it seems unimportant whether an alert is defined as a SHOULD or a MUST: either way the peer can't enforce the use of alerts.

Cheers,

Andrei

-----Original Message-----
From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Dave Garrett
Sent: Saturday, September 12, 2015 7:22 PM
To: tls@ietf.org
Cc: Geoffrey Keating <geoffk@geoffk.org>
Subject: Re: [TLS] Should we require implementations to send alerts?

On Saturday, September 12, 2015 05:55:41 pm Salz, Rich wrote:
> > > After all, what are you going to do when the connection drops 
> > > without a GOAWAY?  Drop the connection?
> > 
> > Try again, assuming the problem is a one-time glitch?
> 
> That's important.  Without the alert, you might just try again.  And again.  And again.. ..

On Saturday, September 12, 2015 06:18:46 pm Viktor Dukhovni wrote:
> Interoperability problems are hard enough to debug even when alerts 
> are sent, and they are *very* useful.  If the peer just hangs up, we 
> don't know whether it crashed, refused service, enforced some protocol 
> or policy constraint, ...

To reiterate in this thread, not being strict with error alert requirements is how we got TLS version intolerance, which is how we got insecure fallback. This one instance is sufficient for me to say that almost all alerts specified for during the handshake should be mandatory. Allowing fuzzy reactions to errors on one end leads to fuzzy kludges to deal with them on the other. We should attempt to map out every possible logic path and at least have an expectation given, if not mandated. People are less likely to do stupid things in their implementations if they're actually told what they're dealing with properly.


Dave
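As an added illustration of the point made in this thread (not code from any participant): a small Python client-side handler that parses a plaintext TLS alert record and shows how an explicit alert such as protocol_version gives the client a decision it cannot make from a bare connection drop. The record layout and alert codes follow RFC 5246 and RFC 7507; the decision categories and the alert_record() test-input builder are this example's own assumptions.

```python
import struct
from enum import Enum

# TLS record content type for alerts (RFC 5246, section 6.2.1).
CONTENT_TYPE_ALERT = 21

# AlertDescription values from RFC 5246 section 7.2, plus
# inappropriate_fallback (86) from RFC 7507 (TLS_FALLBACK_SCSV).
ALERT_NAMES = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 47: "illegal_parameter",
    70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 86: "inappropriate_fallback",
}

class Decision(Enum):
    """Retry policy categories (this example's own assumption)."""
    FIX_CONFIG = "do not retry blindly; the peer named the rejected parameter"
    GIVE_UP = "do not retry; the peer declined the connection"
    AMBIGUOUS = "bare close: crash, refusal or policy are indistinguishable"

def parse_alert(record: bytes):
    """Return (level, description_name) for a plaintext TLS alert record.

    Only handshake-time alerts are plaintext; later alerts are encrypted.
    """
    if len(record) < 7 or record[0] != CONTENT_TYPE_ALERT:
        return None
    length = struct.unpack("!H", record[3:5])[0]
    if length != 2 or len(record) != 5 + length:
        return None  # an alert body is exactly two bytes: level, description
    level, desc = record[5], record[6]
    return level, ALERT_NAMES.get(desc, f"unknown({desc})")

def decide(last_bytes: bytes) -> Decision:
    """Map what the peer sent before closing to a client retry decision."""
    alert = parse_alert(last_bytes)
    if alert is None:
        # No alert: the client has nothing to act on, so it may retry
        # forever or fall back to weaker parameters, as the thread warns.
        return Decision.AMBIGUOUS
    _level, name = alert
    if name in ("protocol_version", "insufficient_security", "illegal_parameter"):
        # The peer said exactly what it rejected; a silent downgrade here
        # would be the insecure fallback the thread warns about.
        return Decision.FIX_CONFIG
    return Decision.GIVE_UP

def alert_record(level: int, desc: int) -> bytes:
    """Build a TLS 1.2 plaintext alert record (constructed test input)."""
    return bytes([CONTENT_TYPE_ALERT, 3, 3]) + struct.pack("!H", 2) + bytes([level, desc])
```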
