On 11 May 2017 at 21:06, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
>> On May 11, 2017, at 4:21 AM, Matt Caswell <fr...@baggins.org> wrote:
>>
>> If the view is that the more specific alerts are helpful, then I'd
>> suggest amending the wording in the "Server Certificate Selection"
>> section to remove the bit about the "unsupported_certificate" alert
>> and (possibly) replace with a reference to the set of alerts that
>> might be sent instead.
>
> It can be quite difficult for users to understand why a remote peer
> aborted the TLS handshake. More specific alerts are quite helpful.
> Distinguishing between expiration and insufficiently strong keys or
> digests, etc., makes troubleshooting easier and does not compromise
> sensitive cryptographic material.

That seems reasonable to me.

https://github.com/tlswg/tls13-spec/pull/1013

Matt