> On May 11, 2017, at 4:21 AM, Matt Caswell <fr...@baggins.org> wrote:
> 
> If the view is that the more specific alerts are helpful, then I'd
> suggest amending the wording in the "Server Certificate Selection"
> section to remove the bit about the "unsupported_certificate" alert
> and (possibly) replace with a reference to the set of alerts that
> might be sent instead.

It can be quite difficult for users to understand why a remote peer
aborted the TLS handshake.  More specific alerts are quite helpful.
Distinguishing between expiration and insufficiently strong keys or
digests, etc., makes troubleshooting easier and does not compromise
sensitive cryptographic material.

-- 
        Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
