On 10/17/2016 06:20 AM, Hubert Kario wrote:
> On Friday, 14 October 2016 21:07:30 CEST Kyle Nekritz wrote:
>> After PR #625 all alerts are required to be sent with fatal AlertLevel
>> except for close_notify, end_of_early_data, and user_canceled. Since those
>> three alerts all have separate specified behavior, the AlertLevel field is
>> not serving much purpose, other than providing potential for misuse. We
>> (Facebook) currently receive a number of alerts at incorrect levels from
>> clients (internal_error warning alerts, etc.).
> could you expand on why it's a problem?
Why what is a problem?
My understanding is that at present, the AlertLevel is not reliable
(that is, some noticeable fraction of clients send nonsense) and so the
change in PR 693 is merely documenting existing best practice.
TLS mailing list