On Sat, Sep 19, 2015 at 03:14:07PM +0200, Kurt Roeckx wrote:

> But I wonder in which cases it's important to receive the fatal
> alert.  I guess it's the cases where it can tell you that
> connecting again might work, and so would only be during the
> handshake.  The only case I can think of is something like "client
> certificate required", and as far as I know we don't even
> currently have something that says that explicitly.

Alerts are very important in resolving interoperability problems,
they probably should not generally lead to different peer behaviour
than had the connection been closed instead.  The handshake failed,
try another server if there are multiple A records, SRV records,
...  or else give up.

Alerts SHOULD be sent (on a best-effort basis) and are typically
not lost.  This discussion seems much too long/complicated.  Send
the requisite alert, and close, it might not arrive, but that's
not the sender's problem if the peer closes prematurely or the
network layer is lossy.

-- 
        Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
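
The policy described in the message above, as an added example that is not part of the original post or of any TLS library: a client decodes a fatal alert for the log but fails over to the next server exactly as it would after a bare close. The server names, the `outcomes` map and the function names are hypothetical, the sample bytes are constructed, and the alert is assumed to arrive as an unencrypted record during the handshake.

```python
import struct

ALERT_CONTENT_TYPE = 21  # TLS record content type for alerts
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                40: "handshake_failure", 42: "bad_certificate",
                70: "protocol_version", 80: "internal_error"}


def parse_alert(record: bytes):
    """Return (level, description) for a plaintext alert record, else None."""
    if len(record) < 7:
        return None
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    if ctype != ALERT_CONTENT_TYPE or length != 2:
        return None
    level, desc = record[5], record[6]
    return (LEVELS.get(level, f"level_{level}"),
            DESCRIPTIONS.get(desc, f"alert_{desc}"))


def describe_failure(server: str, last_bytes: bytes) -> str:
    """Build a diagnostic line; the alert only changes what gets logged."""
    alert = parse_alert(last_bytes)
    reason = f"alert {alert[0]}/{alert[1]}" if alert else "closed without alert"
    return f"{server}: handshake failed ({reason})"


def connect_any(servers, outcomes):
    """Try each server in order.

    outcomes maps a server name to the bytes read before the handshake
    failed, or to None when the handshake succeeded (simulated, so the
    example runs offline).  Returns (chosen server or None, diagnostics).
    """
    log = []
    for server in servers:
        last_bytes = outcomes[server]
        if last_bytes is None:
            return server, log
        # Same control flow whether or not an alert arrived: move on.
        log.append(describe_failure(server, last_bytes))
    return None, log


# Constructed sample: fatal handshake_failure, silent close, then success.
SAMPLE = {"a.example": bytes.fromhex("15030300020228"),
          "b.example": b"",
          "c.example": None}
```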
