Re: [TLS] sending error alerts: MUST? SHOULD? MAY?
Eric Rescorla <ekr@networkresonance.com> Fri, 09 February 2007 22:33 UTC
To: Nelson B Bolyard <nelson@bolyard.com>
Subject: Re: [TLS] sending error alerts: MUST? SHOULD? MAY?
In-reply-to: Your message of "Sun, 31 Dec 2006 15:13:24 PST." <45984414.2090209@bolyard.com>
Date: Fri, 09 Feb 2007 14:33:42 -0800
From: Eric Rescorla <ekr@networkresonance.com>
Cc: tls@ietf.org

Nelson B Bolyard <nelson@bolyard.com> wrote:
> Last August, I wrote to this list about the lack of "MUST" in the RFCs and
> drafts concerning the use of error and warning alerts. That message is
> quoted below. I only got one reply, from Peter Gutmann.
>
> I really want to see this situation get fixed in TLS 1.2. What can I do
> to make that happen? Do I need to submit a draft with the suggested changes?
> Erik, if I send you a set of suggested changes as edits to the current 1.2
> draft, will you incorporate them?

My concern, as I think I mentioned to you privately, is that we not
mandate behaviors that potentially leak security-relevant information.
We've had one such situation before with CBC padding. Ultimately, we
really need a review of the security implications of every kind of
error, but not having that I'm reluctant to require behaviors that
haven't been vetted.

The bottom line, then, is that I'd prefer not to change this language
without explicit security analysis for each change.

-Ekr