On Monday, 17 October 2016 21:10:30 CEST Ilari Liusvaara wrote:
> > ## Decoding Errors
> > 
> > TLS defines two generic alerts (see {{alert-protocol}}) to use upon
> > failure to parse a message. Peers which receive a message which cannot be
> > parsed according to the syntax (e.g., have a length extending beyond the
> > message boundary or contain an out-of-range length) MUST terminate the
> > connection with a "decoding_error" alert. Peers which receive a message
> > which is syntactically correct but semantically invalid (e.g., a DHE
> > share of p - 1) MUST terminate the connection with an "illegal_parameter"
> > alert.
> What alert is used if some field is a non-extensible enumeration and
> the value transmitted is outside the legal values?
> E.g., an unknown max_fragment_length value.
> I have used illegal_parameter for errors like this.

That would be my reading of the text too.

Anything that can be parsed given the requirements on structs should not
generate decode_error; if it needs to be rejected because of other
limitations, it should result in an illegal_parameter.

Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
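As an added illustration of the decode_error / illegal_parameter split discussed above (example code written for this page, not part of the thread or of any TLS implementation), here is a minimal parser for a TLS extensions vector that uses max_fragment_length from RFC 6066 as the non-extensible enumeration. The extension code point (1) and the four enum values are from RFC 6066; the three sample extension blocks are constructed, not captured traffic.

```python
import struct
DECODE_ERROR, ILLEGAL_PARAMETER = "decode_error", "illegal_parameter"
EXT_MAX_FRAGMENT_LENGTH = 1                                        # RFC 6066 code point
MAX_FRAGMENT_LENGTH_VALUES = {1: 512, 2: 1024, 3: 2048, 4: 4096}  # RFC 6066 enum
class TLSAlert(Exception):
    def __init__(self, alert, reason):
        super().__init__(f"{alert}: {reason}")
        self.alert = alert
def parse_extensions(data: bytes) -> dict:
    """Parse `Extension extensions<0..2^16-1>` into {type: body}; bad lengths are syntax errors."""
    if len(data) < 2:
        raise TLSAlert(DECODE_ERROR, "missing extensions length")
    (total,) = struct.unpack("!H", data[:2])
    if 2 + total != len(data):
        raise TLSAlert(DECODE_ERROR, "extensions length does not match message boundary")
    pos, end, out = 2, 2 + total, {}
    while pos < end:
        if end - pos < 4:
            raise TLSAlert(DECODE_ERROR, "truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", data[pos:pos + 4])
        pos += 4
        if pos + ext_len > end:
            raise TLSAlert(DECODE_ERROR, "extension body extends past the vector")
        out[ext_type] = data[pos:pos + ext_len]  # unknown types are tolerated: extensible
        pos += ext_len
    return out
def validate_max_fragment_length(body: bytes) -> int:
    """One-byte non-extensible enum: wrong length is syntax, unknown code point is semantics."""
    if len(body) != 1:
        raise TLSAlert(DECODE_ERROR, "max_fragment_length body must be exactly one byte")
    if body[0] not in MAX_FRAGMENT_LENGTH_VALUES:
        raise TLSAlert(ILLEGAL_PARAMETER, f"unknown max_fragment_length value {body[0]}")
    return MAX_FRAGMENT_LENGTH_VALUES[body[0]]
def alert_for(data: bytes):
    """Alert name a receiver would send for this extensions block, or None if it is accepted."""
    try:
        exts = parse_extensions(data)
        if EXT_MAX_FRAGMENT_LENGTH in exts:
            validate_max_fragment_length(exts[EXT_MAX_FRAGMENT_LENGTH])
    except TLSAlert as e:
        return e.alert
    return None
SAMPLES = {  # constructed extension blocks, not captured traffic
    "accepted": bytes.fromhex("0005 0001 0001 02"),  # max_fragment_length = 2^10
    "bad_enum": bytes.fromhex("0005 0001 0001 09"),  # enum value 9 does not exist
    "bad_len":  bytes.fromhex("0005 0001 0004 02"),  # body length runs past the vector
}
```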
