Andreas Walz <andreas.w...@hs-offenburg.de> writes:

>However, where would you draw the line between "I can't" and "I don't want
>to"?

It's one of those judgement-call things, I don't know if you can strictly define it but as a rule of thumb I'd say that if you encounter it during normal processing it's an I-can't problem while if you have to add special-case checks to identify it and refuse to continue it's an I-don't-want-to problem. Using again the example of "Couldn't connect to Amazon because no suitable encryption was available", if the server or client accidentally memset()s the cipher suite block to 0xDEADBEEF then you've run into an I-can't-continue problem, while if the length fields don't quite match up (the MUST NOT that was cited at the start of this thread), something that you wouldn't even notice unless you added special-case code to check for it, then it's an I-don't-want-to-continue problem.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls