Hubert Kario <hka...@redhat.com> wrote: > On Wednesday 16 September 2015 12:53:53 Brian Smith wrote: > > Thus, the empirical evidence from Mozilla's > > widely-deployed implementation shows that (a) the requirement to send > > alerts is difficult to conform to, and (b) it is unimportant in > > practice to send alerts. > > and yet Firefox depends on them to report human-readable errors to users > when it can't connect to a server... >
In what situation will a conformant implementation send Firefox an alert? Firefox is conformant (AFAICT) and in particular Firefox implements the mandatory-to-implement cipher suite. Therefore no conformant implementation should be sending Firefox an alert other than close_notify. (We should focus on conformant implementations because non-conformant implementations can do whatever they want, by definition). > Making the alerts more predictable and with more pinned down meanings > will only _help_ the opportunistic HTTPS and HTTPS-by-default campaigns. > I've not seen any evidence that that is true. I have seen evidence in Firefox and other implementations that detailed alert information was harmful for security, and I shared a summary of that evidence in my early message. Also, instances of such harm are documented within the TLS RFCs themselves. > yes, we need to be careful about alerts that provide information about > secret data, but there's very little of such data during handshaking, > where the vast majority of alerts apply and where they are most useful > It's not clear that there is "little of such data" especially when you consider that more of the handshake is encrypted in TLS 1.3 and when you consider that an application may not process unencrypted data as soon as it has been received. Cheers, Brian -- https://briansmith.org/
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
