https://github.com/tlswg/tls13-spec/issues/472
http://tlswg.github.io/tls13-spec/#error-alerts says:

   Therefore, warning alerts are not very useful when the sending party wants to continue the connection, and thus are sometimes omitted. For example, if a party decides to accept an expired certificate (perhaps after confirming this with the user) and wants to continue the connection, it would not generally send a "certificate_expired" alert.

It would probably be simpler to require that alerts either be warning or fatal and that the only warning alerts are the "Closure Alerts" specified in http://tlswg.github.io/tls13-spec/#closure-alerts (or in some update document) rather than expect people to handle some warning version of the Error Alerts.

Thoughts?

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
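The rule proposed in the message above, as an added example that is not code from the TLS draft or from the post's author: the receiver decides on the alert description alone, so a warning-level error alert can no longer leave the connection in an ambiguous state. The function names, the simplified legacy handler, and the closure-alert set (close_notify and user_canceled, the two closure alerts in RFC 8446) are assumptions of this example.

```python
from enum import Enum

WARNING, FATAL = 1, 2                      # AlertLevel values
CLOSE_NOTIFY, USER_CANCELED = 0, 90        # AlertDescription values
# Assumption: the closure alerts are the two listed in RFC 8446 section 6.1.
CLOSURE_ALERTS = {CLOSE_NOTIFY, USER_CANCELED}
NAMES = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
         40: "handshake_failure", 45: "certificate_expired", 90: "user_canceled"}

class Action(Enum):
    CLOSE = "orderly close"
    CONTINUE = "keep connection open"
    ABORT = "tear down connection"

def level_to_send(description: int) -> int:
    """Sender side: the level is fully determined by the description."""
    return WARNING if description in CLOSURE_ALERTS else FATAL

def handle_legacy(alert: bytes) -> Action:
    """Simplified pre-proposal receiver: trusts the sender's level byte."""
    if len(alert) != 2:
        return Action.ABORT
    level, description = alert
    if description == CLOSE_NOTIFY:
        return Action.CLOSE
    return Action.CONTINUE if level == WARNING else Action.ABORT

def handle_proposed(alert: bytes) -> tuple[Action, bool]:
    """Proposed receiver: decide on the description alone.

    Returns the action plus a flag that is True when the level byte on the
    wire differs from the one the rule prescribes (worth logging).
    """
    if len(alert) != 2:
        return Action.ABORT, True          # malformed alert body
    level, description = alert
    mismatch = level != level_to_send(description)
    if description == CLOSE_NOTIFY:
        return Action.CLOSE, mismatch
    if description == USER_CANCELED:
        return Action.CONTINUE, mismatch
    return Action.ABORT, mismatch          # every error alert, known or unknown

if __name__ == "__main__":
    # Constructed sample alerts: (level, description) bytes as sent on the wire.
    for raw in (bytes([WARNING, 45]), bytes([FATAL, 40]), bytes([WARNING, 0])):
        name = NAMES.get(raw[1], f"unknown({raw[1]})")
        print(f"{name:20} legacy={handle_legacy(raw).name:8} "
              f"proposed={handle_proposed(raw)[0].name}")
```

The first sample is the case the message discusses: a warning-level certificate_expired keeps the connection open under the legacy handler and aborts it under the proposed one.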