Re: [wpkops] Taxonomy of Browser Behaviors - "Hard Fail", "Soft Fail" and "Reload Request"
"Yngve N. Pettersen" <yngve@spec-work.net> Wed, 30 April 2014 14:43 UTC
Return-Path: <yngve@spec-work.net>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D22091A6FB0 for <wpkops@ietfa.amsl.com>; Wed, 30 Apr 2014 07:43:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ciitsBrzjE7i for <wpkops@ietfa.amsl.com>; Wed, 30 Apr 2014 07:43:40 -0700 (PDT)
Received: from smtp.domeneshop.no (smtp.domeneshop.no [194.63.252.54]) by ietfa.amsl.com (Postfix) with ESMTP id ECB691A08F1 for <wpkops@ietf.org>; Wed, 30 Apr 2014 07:43:39 -0700 (PDT)
Received: from 85.168.202.84.customer.cdi.no ([84.202.168.85]:63737 helo=killashandra.invalid.invalid) by smtp.domeneshop.no with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <yngve@spec-work.net>) id 1WfVjV-00022d-VP; Wed, 30 Apr 2014 16:43:38 +0200
Content-Type: text/plain; charset="utf-8"; format="flowed"; delsp="yes"
To: Ben Wilson <ben@digicert.com>, Michael Jenkins <bergtau@gmail.com>
References: <029801cf63dd$0f484330$2dd8c990$@digicert.com> <CAB3ZzJJZ_Of81esvCT-iyDwOcDxnDa_vBqhpE2v2y4VFz23uuQ@mail.gmail.com>
Date: Wed, 30 Apr 2014 16:43:26 +0200
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: "Yngve N. Pettersen" <yngve@spec-work.net>
Message-ID: <op.xe4wioym3dfyax@killashandra.invalid.invalid>
In-Reply-To: <CAB3ZzJJZ_Of81esvCT-iyDwOcDxnDa_vBqhpE2v2y4VFz23uuQ@mail.gmail.com>
User-Agent: Opera Mail/12.16 (Win32)
Archived-At: http://mailarchive.ietf.org/arch/msg/wpkops/oOi6NfVtc3dQIvCyTA-ol1qebP0
Cc: wpkops WG <wpkops@ietf.org>
Subject: Re: [wpkops] Taxonomy of Browser Behaviors - "Hard Fail", "Soft Fail" and "Reload Request"
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Apr 2014 14:43:42 -0000
Hi, Actually, IMO "soft fail" does NOT include handing the question of whether to continue over to the user. I believe "soft-fail" means that the client continues to load the document (what you call "fail open"), despite the detected problem condition(s), e.g. OCSP lookup failed. The client may or may not give a visual indication that there was a problem, and may or not treat the next connection to the server differently (e.g. Opera 12 will remove the padlock for the displayed document, and would not not reuse the affected SSL session, in case revocation checks failed). What you mention as an example of "soft fail", displaying a warning message that the user have to decide how to handle, is actually the intermediate step between what is called "soft fail" and "hard fail", the detected problem is serious enough (e.g. server name mismatch, missing CA) that the client is unwilling to continue without permission from the user. IOW, the four levels and actions are: No detected problem: Continue, no indications to the user necessary Low level problem: Continue, visual problem indications optional, aka "soft fail" Serious problem: Stop connection, ask the user whether to continue Critical problem: Close connection, don't allow the user to continue, aka "hard fail" On Wed, 30 Apr 2014 14:25:31 +0200, Michael Jenkins <bergtau@gmail.com> wrote: > I have always used the term "hard fail" to mean the browser makes the > determination for the operator - if validation fails, the operator is > given > no option to over-ride. > > I use the term "fail open" when the browser interprets inability to > obtain > revocation information as "not revoked". It's not really relevant that > locks don't appear if the desired page shows up in the main window > (especially if I put a picture of a closed lock on my main page, as some > do > :( > > I don't like the term "soft fail". If I did, I would use it for the case > where the determination is handed from the browser to the operator (the > get-me-out-of-here/i-understand-the-risks choice), which I don't > consider a > failure, it's the way things are supposed to work. I realize that's > currently a somewhat academic interpretation, but it also leaves room for > the operator to decide how hard he wants the browser to try (how much > time > to spend on this connection, how many mechanisms to invoke) and perhaps > how > much information the operator wants to broadcast in order to make this > connection work, should alternative validation mechanisms be built into > browsers. > > > On Tue, Apr 29, 2014 at 2:58 PM, Ben Wilson <ben@digicert.com> wrote: > >> In working on the next version of the Certificate Processing document, I >> have come across two different uses of “hard fail.” I am also >> concerned >> that use of the phrase, “soft fail,” might encounter similar problems. >> Also I’ve seen “Retry” or “Reload” messages, which are hard fail, but >> with >> an option to try loading again. >> >> >> >> I’ve seen “hard fail” used (1) when referring to a session that is >> stopped >> because of certificate revocation, where the user is prevented from >> proceeding, and also (2) when referring to intentional client behavior >> when >> encountering other problems with the certificate that indicate it is not >> trustworthy. (I suppose it could also mean a crash or other >> unintentional >> behavior because of a bug in code.) With respect to (2), I have called >> this a “fatal error” - A behavior in which the browser detects an >> abnormal >> condition and halts (or technically cannot complete) session negotiation >> and drops the connection or otherwise blocks the user from continuing >> (also >> referred to as “hard fail”).” However, in Phill’s paper on revocation >> behavior, he uses “hard fail”, too. >> >> >> >> I have used the term “bypassable error” instead of “soft fail”, defined >> as >> “behavior in which the browser detects an abnormal condition and asks >> the >> user whether to proceed with (i.e. click-through to) the SSL/TLS >> connection.” Is this the same as “soft fail”? (I’m assuming that a >> negative visual indicator or a “downgrade” of security indicators like >> removal of the lock icon, removal of EV indication, etc., are not “soft >> fail.” I hope that everyone agrees.) >> >> >> >> Any thoughts? Does it matter what kind of “next step” is provided in >> the >> dialogue presented to the user? For instance, the distinction between >> hard >> and soft fail might be as simple as whether the error window lacks or >> contains buttons or links that allow the user to proceed toward making >> the >> SSL/TLS connection. >> >> >> >> For “hard fail,” here is what I’ve seen: >> >> >> >> [Error Message] >> >> Firefox - “Fix connection problems” >> >> Opera – “This webpage is not available” >> >> Chrome – “This webpage is not available” >> >> Internet Explorer – “IE cannot display the webpage” “What you can try: >> Diagnose Connection Problems” >> >> Internet Explorer – “This page cannot be displayed. Fix connection >> problems” >> >> >> >> In looking at soft fail / bypassable errors, here are some of the >> buttons >> provided for a variety of different conditions, such as invalid >> certificates: >> >> >> >> [Error Message] >> >> >> >> Firefox – “Get me out of here” “Technical Details” “I understand the >> risks” >> >> Safari – “Show Certificate” “Cancel” “Continue” >> >> Internet Explorer – “Click here to close” ““Continue to this website >> (not >> recommended)” “More Information” >> >> Chrome - “Proceed anyway” or “Back to safety” and “Help me understand” >> >> >> >> Opera – “Show Certificate” “Continue Anyway” and “Cancel” or “Back to >> Safety” >> >> >> >> A third option I’ve noticed is a “reload request”, which I think is >> different than a bypassable error or hard fail. Am I right? >> >> >> >> Here are some messages: >> >> >> >> Chrome - “More” or “Reload” >> >> Firefox – “Try again” >> >> >> >> Thanks, >> >> Ben >> >> _______________________________________________ >> wpkops mailing list >> wpkops@ietf.org >> https://www.ietf.org/mailman/listinfo/wpkops >> >> -- Sincerely, Yngve N. Pettersen Using Opera's mail client: http://www.opera.com/mail/
- [wpkops] Taxonomy of Browser Behaviors - "Hard Fa… Ben Wilson
- Re: [wpkops] Taxonomy of Browser Behaviors - "Har… Wayne Thayer
- Re: [wpkops] Taxonomy of Browser Behaviors - "Har… Gervase Markham
- Re: [wpkops] Taxonomy of Browser Behaviors - "Har… Michael Jenkins
- Re: [wpkops] Taxonomy of Browser Behaviors - "Har… Yngve N. Pettersen
- Re: [wpkops] Taxonomy of Browser Behaviors - "Har… Rob Stradling