Ion Larranaga Azcue <ila...@s21sec.com> writes:

>I would say it's unfair to expect other people to diagnose the problem by
>claiming "that information was all that was available" because you had access
>to:
>
>- traffic dumps of the failing handshakes

There was no access to this.

>- traffic dumps of working handshakes

There was no access to this.

>- the possibility to try any number of modifications of the client hello to
>go from a working handshake to a failing handshake in order to identify the
>offending option or parameter

That was only after the second day of negotiations, when I managed to get
indirect access to the server to use it as an oracle, resulting in
trial-and-error modification of the client hello until the server didn't
report a handshake failure any more.

>- as you are going to have to ask the server side to activate extended
>alerts, you can ask them for server logs, as well as traffic dumps of (at
>least) the failed connections on their side (if they receive any, which is
>additional information)

Neither of those was available, and neither of them could be made available.
As I said in my previous message, the only information I had was "Handshake
failed".

>Besides, I also think it's not fair to claim that when someone disagrees, you
>are being "shouted down".

What I meant was that as it's a non-zero amount of effort to write up a draft,
I wasn't terribly keen on putting in the effort only to have it bikeshedded to
death with "it's a security problem" (it isn't, unless you go out of your way
to make it one), "you can look at the server logs" (no, you can't), etc.  So
what I was trying to get is an idea of whether it's worth writing a draft or
not.

>That being said... I encourage you to write your draft and look for consensus
>within the group.

OK, I'll give it a go.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
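The "use the server as an oracle" procedure described in the message above, worked out as an added example (this is not code from the thread or from any IETF draft). When the only signal is a binary "Handshake failed", the systematic way to find the offending ClientHello option is delta debugging (Zeller's ddmin): treat every optional cipher suite, version and extension as a removable feature and shrink the failing ClientHello to a 1-minimal failing subset, which in the common case is the one option (or interacting pair) the server chokes on. Everything below is constructed: `HandshakeOracle` is a stand-in for attempting a real handshake and checking for the failure alert, its rejection rule (reject any ClientHello carrying both `padding` and `record_size_limit`) is invented for the example and is not the behaviour of any real server or RFC, and the feature list is a made-up ClientHello summary. Against a real endpoint, `fails()` would send the ClientHello and return whether a handshake_failure alert came back.

```python
"""Delta-debugging a failing ClientHello against a pass/fail handshake oracle.

Added example: finds which optional ClientHello features a server rejects when
the only information available is "Handshake failed" / "handshake succeeded".
"""
from typing import Callable, Iterable, List, Sequence, Tuple

# A ClientHello feature: (category, value), e.g. ("ext", "key_share").
Feature = Tuple[str, str]


def _split(seq: Sequence[Feature], n: int) -> List[List[Feature]]:
    """Split seq into n roughly equal, non-empty chunks (fewer if len(seq) < n)."""
    k, m = divmod(len(seq), n)
    chunks, start = [], 0
    for i in range(n):
        size = k + (1 if i < m else 0)
        chunks.append(list(seq[start:start + size]))
        start += size
    return [c for c in chunks if c]


def ddmin(features: Sequence[Feature],
          fails: Callable[[Sequence[Feature]], bool]) -> List[Feature]:
    """Zeller's ddmin: shrink `features` to a 1-minimal subset on which fails() is
    still True. Requires fails(features) to be True (the full hello fails) and
    fails([]) to be False (a hello stripped of all optional features works);
    otherwise the failure is not caused by the optional features at all."""
    cur = list(features)
    if not fails(cur):
        raise ValueError("full ClientHello does not fail; nothing to minimise")
    if fails([]):
        raise ValueError("minimal ClientHello also fails; failure is not in the "
                         "optional features")
    n = 2
    while len(cur) >= 2:
        subsets = _split(cur, n)
        reduced = False
        # Reduce to a subset: does one chunk alone reproduce the failure?
        for s in subsets:
            if fails(s):
                cur, n, reduced = s, 2, True
                break
        if reduced:
            continue
        # Reduce to a complement: does removing one chunk keep the failure?
        for s in subsets:
            comp = [f for f in cur if f not in s]
            if fails(comp):
                cur, n, reduced = comp, max(n - 1, 2), True
                break
        if reduced:
            continue
        # No reduction at this granularity; refine until single features.
        if n >= len(cur):
            break
        n = min(len(cur), n * 2)
    return cur


class HandshakeOracle:
    """Constructed stand-in for 'send this ClientHello, did the server say
    Handshake failed?'. Counts queries, since each one is a real handshake
    attempt against a server you only have indirect access to."""

    def __init__(self, reject_when: Iterable[Feature]):
        self.reject_when = set(reject_when)  # invented rule, not a real server's
        self.queries = 0

    def fails(self, features: Sequence[Feature]) -> bool:
        self.queries += 1
        return self.reject_when.issubset(features)


# Constructed summary of a ClientHello's optional content (not captured traffic).
FULL_CLIENT_HELLO: List[Feature] = [
    ("version", "TLS1.3"), ("version", "TLS1.2"),
    ("cipher", "TLS_AES_128_GCM_SHA256"),
    ("cipher", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("ext", "server_name"), ("ext", "supported_groups"), ("ext", "key_share"),
    ("ext", "padding"), ("ext", "record_size_limit"), ("ext", "status_request"),
]


def find_offending_features(features: Sequence[Feature],
                            oracle: HandshakeOracle) -> List[Feature]:
    """Return the minimal set of features whose joint presence makes the oracle fail."""
    return ddmin(features, oracle.fails)


if __name__ == "__main__":
    oracle = HandshakeOracle([("ext", "padding"), ("ext", "record_size_limit")])
    offenders = find_offending_features(FULL_CLIENT_HELLO, oracle)
    print("offending features:", offenders)
    print("handshake attempts needed:", oracle.queries)
```

The point of ddmin over trying one option at a time is that single removals never succeed when two options interact, whereas ddmin still converges, and it does so in far fewer handshake attempts than exhaustive pair testing, which matters when every query is a favour asked of someone else's server.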