Hi, I’m looking for some clarification on unsupported_extension vs illegal_parameter alerts in TLS 1.3.
RFC 8446 says:

"If an implementation receives an extension which it recognizes and which is not specified for the message in which it appears, it MUST abort the handshake with an "illegal_parameter" alert."

and

"The client MUST check EncryptedExtensions for the presence of any forbidden extensions and if any are found MUST abort the handshake with an "illegal_parameter" alert."

But also, for unsupported_extension:

"Sent by endpoints receiving any handshake message containing an extension known to be prohibited for inclusion in the given handshake message, or including any extensions in a ServerHello or Certificate not first offered in the corresponding ClientHello or CertificateRequest."

These seem contradictory. An "unsupported_extension" is for "an extension known to be prohibited for inclusion in the given handshake message", but the first two statements quoted indicate that "illegal_parameter" should be sent in this case. I'd expect "unsupported_extension" to be more fitting. Is an erratum needed?

Thanks,
Daniel Van Geest
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls