> I'm proposing renaming "insufficient_security" to > "unsupported_cipher_suites", which is explicitly what it's been for since TLS > 1.0.
Not quite. Insufficient_security alert is defined as follows: " Returned instead of handshake_failure when a negotiation has failed specifically because the server requires ciphers more secure than those supported by the client. This message is always fatal." This is a very narrow and specific definition. The server says "I know all the cipher suites the client advertises, and consider them too weak". By contrast, unsupported_cipher_suites means something like "I don't have a cipher suite in common with the client". The latter can happen when the client's cipher suites are more secure than the server's. > What I want is to add a new "unsupported_groups" alert to use instead. (both > here and there) The "client_authentication_failure" alert suggestion is to > pull that out of the "handshake_failure" catchall. I have absolutely no problem with the new alerts; my concern is about redefining existing alerts (and, for that matter, redefining existing cipher suites:)). Cheers, Andrei -----Original Message----- From: Dave Garrett [mailto:davemgarr...@gmail.com] Sent: Friday, July 24, 2015 7:09 AM To: Andrei Popov; Eric Rescorla Cc: tls@ietf.org Subject: Re: [TLS] new error alerts? On Thursday, July 23, 2015 10:52:59 pm Andrei Popov wrote: > Rather than renaming and otherwise modifying the meaning of the existing > alerts, would it be better to define new, more granular alerts in 1.3? We > can’t ascribe new meanings to alerts generated by the code we’ve shipped in > the past. I'm not proposing changing the meaning of existing alerts. At most, the Negotiated FF-DH draft would need to be updated/fixed. I'm proposing renaming "insufficient_security" to "unsupported_cipher_suites", which is explicitly what it's been for since TLS 1.0. There isn't a specific error defined for lack of a supported group yet. RFC 4492 just says "fatal handshake failure alert". The Negotiated FF-DH draft has "insufficient_security" for unsupported group. _That_ does change the meaning, as previously it was explicitly defined for cipher issues only. What I want is to add a new "unsupported_groups" alert to use instead. (both here and there) The "client_authentication_failure" alert suggestion is to pull that out of the "handshake_failure" catchall. I just want to clarify the existing alert, not reuse it for a related but distinctly different alert, and not lump stuff into a catchall that we can't debug. ;) Dave _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
