On 09/15/2015 06:29 PM, Nico Williams wrote:
> On Tue, Sep 15, 2015 at 03:18:30PM +0200, Florian Weimer wrote:
>> On 09/12/2015 10:49 PM, Eric Rescorla wrote:
>>> Issue: https://github.com/tlswg/tls13-spec/issues/242
>>>
>>> In https://github.com/tlswg/tls13-spec/pull/231, Brian Smith argues:
>>>
>>> "Nobody must ever be *required* to send an alert. Any requirement for
>>> sending an alert should be SHOULD, at most."
>>
>> Using full-duplex TCP, it's difficult to get a fatal alert over the wire
>> if you want to close the connection immediately:
> 
> But if you have a fatal error you'll be closing immediately anyways.
> Does sending the fatal alert cause a problem other than increase the
> likelihood of RSTs?  What is the alternative considering that the next
> step is to close the connection anyways?

I'm trying to explain that any requirement to send fatal alerts will be
difficult to implement.  With the BSD sockets API, the only way to do
that reliably is *not* to close the socket immediately, which is
apparently not what you (or existing APIs) expect, and which is where
the difficulty lies.

-- 
Florian Weimer / Red Hat Product Security

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
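
The point made in the message above (not closing the socket immediately after writing the alert), as an added example that is not part of the original thread. Half-closing and then draining is one common way to do this with BSD sockets; the function name, its parameters and the timeout handling are assumptions of this example.

```c
#include <errno.h>
#include <poll.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (name and signature are assumptions of this example).
 * Sends an already-encoded fatal alert, then lingers instead of closing at once.
 * Returns 0 if the peer closed its side (EOF seen), -1 on error or timeout.
 * timeout_ms bounds each wait, not the total; a server should also cap the
 * overall linger time so a slow peer cannot pin the descriptor. */
int send_alert_and_linger(int fd, const unsigned char *alert, size_t len,
                          int timeout_ms)
{
    unsigned char sink[4096];
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int rc = -1;

    /* 1. Queue the alert. MSG_NOSIGNAL: a dead peer yields EPIPE, not SIGPIPE. */
    while (len > 0) {
        ssize_t n = send(fd, alert, len, MSG_NOSIGNAL);
        if (n < 0) {
            if (errno == EINTR) continue;
            goto out;
        }
        alert += n;
        len -= (size_t)n;
    }

    /* 2. Half-close: our FIN follows the alert, but the read side stays open. */
    if (shutdown(fd, SHUT_WR) < 0)
        goto out;

    /* 3. Drain and discard what the peer still sends. Calling close() with
     *    unread data in the receive queue is what makes TCP answer with RST. */
    for (;;) {
        int ready = poll(&pfd, 1, timeout_ms);
        if (ready < 0 && errno == EINTR) continue;
        if (ready <= 0) break;            /* error or timeout: give up */
        ssize_t n = recv(fd, sink, sizeof sink, 0);
        if (n == 0) { rc = 0; break; }    /* EOF: peer has closed */
        if (n < 0 && errno != EINTR) break;
    }
out:
    close(fd);                            /* only now release the socket */
    return rc;
}
```

The cost the message refers to is visible here: the connection's descriptor and state stay allocated until the peer closes or the timeout expires, rather than being released at the moment of the error.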
