Re: [TLS] PR#625: Change alert requirements
Benjamin Kaduk <bkaduk@akamai.com> Fri, 09 September 2016 23:13 UTC
Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BC1812B041 for <tls@ietfa.amsl.com>; Fri, 9 Sep 2016 16:13:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.208
X-Spam-Level:
X-Spam-Status: No, score=-4.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.508, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gIUdOWx_cS_z for <tls@ietfa.amsl.com>; Fri, 9 Sep 2016 16:13:05 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (prod-mail-xrelay07.akamai.com [23.79.238.175]) by ietfa.amsl.com (Postfix) with ESMTP id 9F49C12B028 for <tls@ietf.org>; Fri, 9 Sep 2016 16:13:05 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id F257843341F; Fri, 9 Sep 2016 23:13:04 +0000 (GMT)
Received: from prod-mail-relay11.akamai.com (prod-mail-relay11.akamai.com [172.27.118.250]) by prod-mail-xrelay07.akamai.com (Postfix) with ESMTP id DC70C433416; Fri, 9 Sep 2016 23:13:04 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1473462784; bh=FogtNBeD0JgWP/KUGS66CEN8dCPsOtzZg6Yx6jDjGC8=; l=6015; h=To:References:From:Date:In-Reply-To:From; b=OjPJnhj0RGJzLmNaYPOLlWGzbGTjnZLh41EvHUAh/WLnwlqOP/zTY2vWM39w2jqqj FC90ibTJxQKpkauoHBmfwJfrW6eEu617DyvOH2w7p0arLtKRzTTb4o3q7h5maXTjb0 v2+cOyxiLG4qZzhvuyQZcqdHRRc3DqCzKxULBhWY=
Received: from [172.19.0.25] (bos-lpczi.kendall.corp.akamai.com [172.19.0.25]) by prod-mail-relay11.akamai.com (Postfix) with ESMTP id A01151FC88; Fri, 9 Sep 2016 23:13:04 +0000 (GMT)
To: Sean Turner <sean@sn3rd.com>, "tls@ietf.org" <tls@ietf.org>
References: <CABcZeBMeLgqjvr2cjWL=AHTQJbS9siNBB6U2=0654yigbBGkYA@mail.gmail.com> <6EA2A272-FB9F-4E0A-A35E-680E531DD757@sn3rd.com>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <b881914a-21ab-afb2-080b-4492b0b9227d@akamai.com>
Date: Fri, 09 Sep 2016 18:13:04 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <6EA2A272-FB9F-4E0A-A35E-680E531DD757@sn3rd.com>
Content-Type: multipart/alternative; boundary="------------CF53ADC30CD298CE8A48560C"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ln_m6ndqM_4gIHuTqrmX9RM0EPQ>
Subject: Re: [TLS] PR#625: Change alert requirements
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Sep 2016 23:13:07 -0000
I'm happy to make all alerts fatal. I also like the state in the pull requests where some cases require that if an alert is sent, it is a specific alert, while leaving flexibility in other cases (and preventing us from having to exhaustively enumerate all possible causes for alerts). It would also be nice to standardize on using "terminate" for post-handshake issues and "abort" for during the handshake (or, really, any concrete split). It looks like the intent of the pull request is to make that distinction, but I wasn't really reading with a keen eye and checking all cases for it. -Ben On 09/06/2016 04:33 PM, Sean Turner wrote: > All, > > The chairs would like to get some eyes on this PR by this Friday (Sept 9th) so that we can draw it to close. > > Thanks, > > J&S > >> On Sep 05, 2016, at 14:02, Eric Rescorla <ekr@rtfm.com> wrote: >> >> PR: https://github.com/tlswg/tls13-spec/pull/625 >> >> Currently the TLS spec requires implementations to send alerts under various >> fatal conditions. However, many stacks actually don't send alerts but instead >> just terminate the connection. Several people have argued that we should relax >> the requirement. >> >> At the September 2015 interim there was consensus to instead encourage >> sending alerts and require that if you send an alert, you send a specific one. >> I've finally gotten around to producing a PR that does this (link above). This >> PR: >> >> - Harmonizes all the language around alert sending (though perhaps I missed >> a couple of places) >> - Tries to make which alerts to send clearer in the alert descriptions to avoid >> having to specify individually how to handle every decision. >> - Relaxes the requirement as listed above. >> >> Note that these are to some extent orthogonal changes; even if we decide to >> continue mandating sending alerts, that should be listed in one location not >> scattered around the spec. >> >> I know that there wasn't universal consensus on relaxing the requirement to >> send, so I'll await WG discussion and the chairs decision on how to handle this PR. >> >> -Ekr >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
- [TLS] PR#625: Change alert requirements Eric Rescorla
- Re: [TLS] PR#625: Change alert requirements Sean Turner
- Re: [TLS] PR#625: Change alert requirements Watson Ladd
- Re: [TLS] PR#625: Change alert requirements Eric Rescorla
- Re: [TLS] PR#625: Change alert requirements Hubert Kario
- Re: [TLS] PR#625: Change alert requirements Hubert Kario
- Re: [TLS] PR#625: Change alert requirements Andrei Popov
- Re: [TLS] PR#625: Change alert requirements Eric Rescorla
- Re: [TLS] PR#625: Change alert requirements Martin Rex
- Re: [TLS] PR#625: Change alert requirements David Benjamin
- Re: [TLS] PR#625: Change alert requirements Timothy Jackson
- Re: [TLS] PR#625: Change alert requirements Ilari Liusvaara
- Re: [TLS] PR#625: Change alert requirements Salz, Rich
- Re: [TLS] PR#625: Change alert requirements Martin Rex
- Re: [TLS] PR#625: Change alert requirements Salz, Rich
- Re: [TLS] PR#625: Change alert requirements Salz, Rich
- Re: [TLS] PR#625: Change alert requirements Hubert Kario
- Re: [TLS] PR#625: Change alert requirements Hannes Tschofenig
- Re: [TLS] PR#625: Change alert requirements Benjamin Kaduk
- Re: [TLS] PR#625: Change alert requirements Martin Thomson
- Re: [TLS] PR#625: Change alert requirements Ilari Liusvaara
- Re: [TLS] PR#625: Change alert requirements Hubert Kario
- Re: [TLS] PR#625: Change alert requirements Sean Turner
- Re: [TLS] PR#625: Change alert requirements Eric Rescorla
- Re: [TLS] PR#625: Change alert requirements Eric Rescorla
- Re: [TLS] PR#625: Change alert requirements Eric Rescorla
- Re: [TLS] PR#625: Change alert requirements Hubert Kario
- Re: [TLS] PR#625: Change alert requirements Eric Rescorla
- [TLS] (strict) decoding of legacy_record_version? Benjamin Kaduk
- Re: [TLS] (strict) decoding of legacy_record_vers… David Benjamin
- Re: [TLS] (strict) decoding of legacy_record_vers… Eric Rescorla
- Re: [TLS] (strict) decoding of legacy_record_vers… Brian Smith
- Re: [TLS] (strict) decoding of legacy_record_vers… Martin Thomson
- Re: [TLS] (strict) decoding of legacy_record_vers… Brian Smith
- Re: [TLS] (strict) decoding of legacy_record_vers… Martin Thomson
- Re: [TLS] (strict) decoding of legacy_record_vers… Benjamin Kaduk
- [TLS] Treatment of (legacy_record_)version field … Andreas Walz
- Re: [TLS] Treatment of (legacy_record_)version fi… Eric Rescorla
- Re: [TLS] Treatment of (legacy_record_)version fi… Andreas Walz