On Saturday, May 21, 2016 06:16:39 pm Eric Rescorla wrote: > https://github.com/tlswg/tls13-spec/issues/472 > > http://tlswg.github.io/tls13-spec/#error-alerts says: > > Therefore, warning alerts are not very useful when > the sending party wants to continue the connection, and thus are sometimes > omitted. For example, if a party decides to accept an expired certificate > (perhaps after confirming this with the user) and wants to continue the > connection, it would not generally send a "certificate_expired" alert. > > It would probably be simpler to require that alerts either be warning or > fatal and that > the only warning alerts are the "Closure Alerts" specified in > http://tlswg.github.io/tls13-spec/#closure-alerts (or in some update > document) > rather than expect people to handle some warning version of the Error > Alerts. > > Thoughts?
Does any implementation actually do anything with the warning version of alerts in question? If not, then this sounds like a reasonable simplification. Dave _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
