Re: [TLS] Genart last call review of draft-ietf-tls-tls13-24

Bill Frantz <frantz@pwpconsult.com> Fri, 30 March 2018 20:55 UTC

Date: Fri, 30 Mar 2018 13:55:24 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
cc: Steve Fenter <steven.fenter58@gmail.com>, "Dale R. Worley" <worley@ariadne.com>, gen-art@ietf.org, ietf@ietf.org, draft-ietf-tls-tls13.all@ietf.org, tls@ietf.org
In-Reply-To: <1522377304060.20682@cs.auckland.ac.nz>
Message-ID: <r470Ps-10133i-7B3DEB3D7CF1410DB2E2FF250A811BB1@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/uw3OOja2zc9KlKu2wqUTUGg9ak0>
Subject: Re: [TLS] Genart last call review of draft-ietf-tls-tls13-24
Precedence: list

On 3/30/18 at 7:35 PM, pgut001@cs.auckland.ac.nz (Peter Gutmann) wrote:

>As you mention, debugging TLS is unnecessarily painful if there's a problem,
>you typically just get a handshake-failed alert which is essentially no
>information at all.  Having a debug-mode capability to send back a long-form
>error message would be extremely useful, maybe an extension to say "send back
>a long-form alert with more than just 'BOOLEAN succeeded = FALSE' in it".

We have always avoided the long form error messages in TLS 
because they can be of great help to attackers as well as 
debuggers. I think this objection is much weaker if we write the 
long form error messages into a log that is kept with other 
server logs.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Ham radio contesting is a    | Periwinkle
(408)356-8506      | contact sport.               | 16345 
Englewood Ave
www.pwpconsult.com |  - Ken Widelitz K6LA / VY2TT | Los Gatos, 
CA 95032

[TLS] Genart last call review of draft-ietf-tls-t… Dale Worley
Re: [TLS] [Gen-art] Genart last call review of dr… Alissa Cooper
Re: [TLS] Genart last call review of draft-ietf-t… Colm MacCárthaigh
Re: [TLS] Genart last call review of draft-ietf-t… Ted Lemon
Re: [TLS] Genart last call review of draft-ietf-t… Dale R. Worley
Re: [TLS] Genart last call review of draft-ietf-t… Eric Rescorla
Re: [TLS] Genart last call review of draft-ietf-t… David Benjamin
Re: [TLS] Genart last call review of draft-ietf-t… Eric Rescorla
Re: [TLS] Genart last call review of draft-ietf-t… Steve Fenter
Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
Re: [TLS] Genart last call review of draft-ietf-t… Bill Frantz
Re: [TLS] Genart last call review of draft-ietf-t… Eric Rescorla
Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
Re: [TLS] Genart last call review of draft-ietf-t… Kathleen Moriarty
Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
Re: [TLS] Genart last call review of draft-ietf-t… Salz, Rich
Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
Re: [TLS] Genart last call review of draft-ietf-t… Salz, Rich
Re: [TLS] Genart last call review of draft-ietf-t… Dale R. Worley
Re: [TLS] Genart last call review of draft-ietf-t… Viktor Dukhovni
Re: [TLS] Genart last call review of draft-ietf-t… Salz, Rich
Re: [TLS] Genart last call review of draft-ietf-t… Stan Kalisch
Re: [TLS] Genart last call review of draft-ietf-t… Ion Larranaga Azcue
Re: [TLS] Genart last call review of draft-ietf-t… Viktor Dukhovni
Re: [TLS] Genart last call review of draft-ietf-t… Stan Kalisch
Re: [TLS] Genart last call review of draft-ietf-t… Eric Rescorla
Re: [TLS] Genart last call review of draft-ietf-t… Viktor Dukhovni
Re: [TLS] Genart last call review of draft-ietf-t… Salz, Rich
Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
Re: [TLS] Genart last call review of draft-ietf-t… Ion Larranaga Azcue
Re: [TLS] Genart last call review of draft-ietf-t… Peter Gutmann
Re: [TLS] Genart last call review of draft-ietf-t… Ion Larranaga Azcue
Re: [TLS] Genart last call review of draft-ietf-t… Stan Kalisch