On 10 September 2016 at 00:35, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote:
> I personally would find it more useful to have an alert saying
> "missing_server_name_extension" instead of just returning
> "missing_extension" for a number of different extensions since this gives
> the client no chance to fix the problem without human intervention.

In this case, this is the only use of missing_extension that would be due to the extension being optional. In all other cases, missing_extension is used for a protocol violation: missing signature_algorithms, for instance, is always a direct result of problems that are inherent to the ClientHello. Thus, a well-behaved implementation can (currently) infer that this is the reason for missing_extension.

I wouldn't say that this is a great argument, but it's one that could be made. Generally, I've given up on TLS error codes being useful, or even making them useful; we've been stung in the past by being overly specific about what went wrong.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls