On Monday, 17 October 2016 13:26:09 CEST Dave Garrett wrote:
> On Monday, October 17, 2016 01:04:18 pm Martin Rex wrote:
> > This list is already missing the warning-level "unrecognized_name" alert,
> > and such a change would imply that all new/unrecognized alerts are going
> > to be treated as fatal forever (i.e. that no new warning-level alerts
> > can ever be defined).
> That's already true:
> https://tools.ietf.org/html/draft-ietf-tls-tls13-16#section-6
> https://tlswg.github.io/tls13-spec/#alert-protocol
> "Unknown alert types MUST be treated as fatal."
> Changelog says this change was made for draft 14.

but unrecognized_name is defined (it's a part of an MTI extension, in fact), and 
any value defined by a new RFC automatically becomes a known alert.

Not to mention that implementations are not supposed to send unknown alerts 
unless negotiated by extension.

Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
