I generally agree that sending alerts is the right thing for an implementation to do, for all the reasons discussed on this thread. It is also helpful when RFCs specify the appropriate alerts for various conditions.
On the other hand, it seems unimportant whether an alert is defined as a SHOULD or a MUST: either way the peer can't enforce the use of alerts. Cheers, Andrei -----Original Message----- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Dave Garrett Sent: Saturday, September 12, 2015 7:22 PM To: tls@ietf.org Cc: Geoffrey Keating <geo...@geoffk.org> Subject: Re: [TLS] Should we require implementations to send alerts? On Saturday, September 12, 2015 05:55:41 pm Salz, Rich wrote: > > > After all, what are you going to do when the connection drops > > > without a GOAWAY? Drop the connection? > > > > Try again, assuming the problem is a one-time glitch? > > That's important. Without the alert, you might just try again. And again. > And again.. .. On Saturday, September 12, 2015 06:18:46 pm Viktor Dukhovni wrote: > Interoperability problems are hard enough to debug even when alerts > are sent, and they are *very* useful. If the peer just hangs up, we > don't know whether it crashed, refused service, enforced some protocol > or policy constraint, ... To reiterate in this thread, not being strict with error alert requirements is how we got TLS version intolerance, which is how we got insecure fallback. This one instance is sufficient for me to say that almost all alerts specified for during the handshake should be mandatory. Allowing fuzzy reactions to errors on one end leads to fuzzy kludges to deal with them on the other. We should attempt to map out every possible logic path and at least have an expectation given, if not mandated. People are less likely to do stupid things in their implementations if they're actually told what they're dealing with properly. Dave _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
