Of course not. I mean an attacker who is specially interested in this server and knows that someone has requested a debug window on it.
________________________________________ De: Peter Gutmann <pgut...@cs.auckland.ac.nz> Enviado: domingo, 1 de abril de 2018 10:14 Para: Ion Larranaga Azcue; Eric Rescorla Cc: IETF discussion list; General Area Review Team; draft-ietf-tls-tls13....@ietf.org; Dale R. Worley; <tls@ietf.org> Asunto: Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24] Ion Larranaga Azcue <ila...@s21sec.com> writes: >And for the malicious user that, knowing the server is currently in debug >mode and returning extended errors, can more easily perform attacks on it... If there's someone on the Internet who can scan every TLS server on the planet once a minute to see a brief debug window open up, and then perform something like a million-message-attack using a single debug message, then they're kinda wasting their abilities in attacking TLS servers... Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
