Re: [TLS] Should we require implementations to send alerts?

Dave Garrett <davemgarrett@gmail.com> Sun, 13 September 2015 02:21 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F14201B44BD for <tls@ietfa.amsl.com>; Sat, 12 Sep 2015 19:21:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JrUzl-x_Px6w for <tls@ietfa.amsl.com>; Sat, 12 Sep 2015 19:21:36 -0700 (PDT)
Received: from mail-qg0-x22c.google.com (mail-qg0-x22c.google.com [IPv6:2607:f8b0:400d:c04::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CB571B4497 for <tls@ietf.org>; Sat, 12 Sep 2015 19:21:36 -0700 (PDT)
Received: by qgev79 with SMTP id v79so91249778qge.0 for <tls@ietf.org>; Sat, 12 Sep 2015 19:21:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=VsY+kYYYp4C0J1wyUNXZhIkpeg+5VezGQVrAIrPAwO0=; b=QHsL+IPADMqFTKfadDXcpV9eI0lv7F9wPAXCp1b5qH4fCN3SLkakwOgch7SKQbpUJt MsMWUCqQqwCCIe25/Ol8rtt/zJvyGPh/KwLCkQ3SyF2c7Q9Mjj8WF03V2XXxIdZDBy90 sYW4Znz7EcMOAoaUDmaGb+btPeAUsbPSw31ah4kTcuRqXpSQ91+uQiwz5l4LuVDAh8pM uVgi8jkSK8T1sv6YCqPC/sS/WzGwIZhM6cAGiTByexsAPkuNHG+smMUFYWrBzDjNTiQC wGoJjlYi6WmR9/ASamC3fU77pIj8erV5EukV7R45N1Pnk9vQFLHpsMLtBfHwXt4Y5qJb cDzA==
X-Received: by 10.140.195.141 with SMTP id q135mr11096468qha.75.1442110895741; Sat, 12 Sep 2015 19:21:35 -0700 (PDT)
Received: from dave-laptop.localnet (pool-72-94-152-197.phlapa.fios.verizon.net. [72.94.152.197]) by smtp.gmail.com with ESMTPSA id e19sm3158879qhc.18.2015.09.12.19.21.34 (version=TLSv1 cipher=RC4-SHA bits=128/128); Sat, 12 Sep 2015 19:21:35 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Sat, 12 Sep 2015 22:21:33 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <CABcZeBPnO4zn_HkvwLpLC+EVYN8EKOBEsR80oRt3HZgsiNGDoQ@mail.gmail.com> <m2wpvv8gra.fsf@localhost.localdomain> <05bbd88756a346a5895b30fedce12974@ustx2ex-dag1mb3.msg.corp.akamai.com>
In-Reply-To: <05bbd88756a346a5895b30fedce12974@ustx2ex-dag1mb3.msg.corp.akamai.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201509122221.33581.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/rUAAF11z-WAHfQNseQRFCpgwqz4>
Cc: Geoffrey Keating <geoffk@geoffk.org>
Subject: Re: [TLS] Should we require implementations to send alerts?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Sep 2015 02:21:38 -0000

On Saturday, September 12, 2015 05:55:41 pm Salz, Rich wrote:
> > > After all, what are you going to do when the connection drops without
> > > a GOAWAY?  Drop the connection?
> > 
> > Try again, assuming the problem is a one-time glitch?
> 
> That's important.  Without the alert, you might just try again.  And again.  And again.. ..

On Saturday, September 12, 2015 06:18:46 pm Viktor Dukhovni wrote:
> Interoperability problems are hard enough to debug even when alerts
> are sent, and they are *very* useful.  If the peer just hangs up,
> we don't know whether it crashed, refused service, enforced some
> protocol or policy constraint, ...

To reiterate in this thread, not being strict with error alert requirements is how we got TLS version intolerance, which is how we got insecure fallback. This one instance is sufficient for me to say that almost all alerts specified for during the handshake should be mandatory. Allowing fuzzy reactions to errors on one end leads to fuzzy kludges to deal with them on the other. We should attempt to map out every possible logic path and at least have an expectation given, if not mandated. People are less likely to do stupid things in their implementations if they're actually told what they're dealing with properly.


Dave