Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> wrote:
> 4. Section 6.2 Error Alerts
>
> In addition to sending the error, I don't see any mention of the error
> being logged on the server side, shouldn't that be specified? Logging
> errors (at least in debug modes when needed) provides valuable
> troubleshooting information and many applications don't do an adequate
> job of logging, so I think it's important to call that out here as a
> recommendation.

I think I agree with what Kathleen wrote here, but the PR that attempts to address this (https://github.com/tlswg/tls13-spec/pull/1021) seems too strong in recommending that servers send alerts. In particular, IMO logging the alert shouldn't necessarily be the default and there should be a way to disable such logging.

I guess saying something such as "The implementation SHOULD provide a way to facilitate the logging of the error" or similar, instead of "SHOULD log" seems better to me. In particular, an implementation might not do any logging itself, but might return an error code that the higher level thing could log (if it wants to). I would generally recommend implementations do this rather than do logging themselves.

Cheers,
Brian
--
https://briansmith.org/