After PR #625 all alerts are required to be sent with fatal AlertLevel except for close_notify, end_of_early_data, and user_canceled. Since those three alerts all have separate specified behavior, the AlertLevel field is not serving much purpose, other than providing potential for misuse. We (Facebook) currently receive a number of alerts at incorrect levels from clients (internal_error warning alerts, etc.). I propose deprecating this field to simplify implementations and require that any misuse be ignored.
PR: https://github.com/tlswg/tls13-spec/pull/693 Kyle
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
