Re: [TLS] Genart last call review of draft-ietf-tls-tls13-24

>Possibly, if you consider being able to say "Invalid length encoding in preferred-ECC-curves extension" in Tswana is mission-critical to debugging a TLS handshake failure. I so love your messages, Peter. Honestly I do. Perhaps not Tswana, but perhaps China may care to pick a

Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]

On Sat, Mar 31, 2018 at 10:29 PM, Peter Gutmann wrote: > Eric Rescorla writes: > > >In my experience, there are four major scenarios for diagnosing this kind > of > >failure. Under the assumption that you control one end, the other end can > be: > > >

Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]

Anyway, I don't mean I'm against the idea of the extended errors extensions... Only that let's not take it lightly. It can be a good debugging tool but also a risky one. De: TLS en nombre de Ion Larranaga Azcue

Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]

Of course not. I mean an attacker who is specially interested in this server and knows that someone has requested a debug window on it. De: Peter Gutmann Enviado: domingo, 1 de abril de 2018 10:14 Para: Ion Larranaga Azcue;

Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]

> Note that temporarily enabling debug on a live endpoint isn't a big issue, > everything will continue to operate as before except for the one client that > requests debug-level alerts, and that knows what it's up for because it > explicitly asked for it. And for the malicious user that, knowing