It does not look like we have sufficient consensus to adopt this PR. While there is some support for simplifying alerts by removing the alert level, the current discussion raises some issues about the general approach.
1. Is it appropriate for all unknown alerts to be treated as fatal? (The current draft already states this.)

2. Are there cases, such as unrecognized_name, where it is useful to indicate that an alert is not fatal? If so, how should this case be handled?

Cheers,
J&S

On Wed, Oct 19, 2016 at 8:58 AM, Martin Rex <m...@sap.com> wrote:
> Kyle Nekritz wrote:
> >
> >> This list is already missing the warning-level "unrecognized_name" alert,
> >> and such a change would imply that all new/unrecognized alerts are going
> >> to be treated as fatal forever (i.e. that no new warning-level alerts
> >> can ever be defined).
> >
> > That alert is currently defined as a fatal alert (see section 6.2 in the
> > current draft). RFC 6066 also states "It is NOT RECOMMENDED to send a
> > warning-level unrecognized_name(112) alert, because the client's behavior
> > in response to warning-level alerts is unpredictable.", which I think
> > illustrates the problem. Allowing new non-fatal alerts to be added later
> > would require that existing clients ignore unknown warning alerts,
> > which I think is somewhat dangerous.
>
> It seems that rfc6066 is not clear enough in explaining the issue
> about the situation with the two WELL-DEFINED (but poorly implemented)
> variants of the TLS alerts
>
> (1) unrecognized_name(112) level WARNING
> (2) unrecognized_name(112) level FATAL
>
> See the *ORIGINAL* specification which created *BOTH* of these alert
> variants:
>
> https://tools.ietf.org/html/rfc3546#page-10
>
> > If the server understood the client hello extension but does not
> > recognize the server name, it SHOULD send an "unrecognized_name"
> > alert (which MAY be fatal).
>
> -Martin
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
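The two receive-side rules the thread is arguing about, side by side, as an added example that is not part of the thread or of any TLS implementation: a minimal parser for a TLS alert record (content type 21, two-byte Alert body) and two policies applied to the same records. `decide_legacy` follows the level byte the way an RFC 5246-era stack would (warnings other than close_notify are ignored, fatal closes), and `decide_tls13` follows the approach the draft under discussion takes (closure alerts close, every other alert is an error regardless of the level byte, unknown descriptions included), which is what RFC 8446 section 6 eventually specified. The policy names, the `KNOWN_ALERTS` subset and the sample records are my own constructions; the record with description 200 is a hypothetical future alert, not a registered one.

```python
"""Added example (not from the thread): a TLS alert-record parser with two
receive-side policies, legacy level-driven handling versus the TLS 1.3
description-driven rule. The sample records are constructed by hand."""
import struct
from dataclasses import dataclass

ALERT_CONTENT_TYPE = 21
WARNING, FATAL = 1, 2

CLOSE_NOTIFY = 0
USER_CANCELED = 90
UNRECOGNIZED_NAME = 112

# Subset of registered AlertDescription values; anything else is "unknown".
KNOWN_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 50: "decode_error",
    70: "protocol_version", 90: "user_canceled", 112: "unrecognized_name",
}


@dataclass(frozen=True)
class Alert:
    level: int
    description: int

    @property
    def name(self):
        return KNOWN_ALERTS.get(self.description, f"unknown({self.description})")


def build_alert_record(level, description):
    """TLSPlaintext: type(1) | version(2) | length(2) | Alert{level, description}."""
    return struct.pack("!BBBH", ALERT_CONTENT_TYPE, 3, 3, 2) + bytes([level, description])


def parse_alert_record(record):
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _major, _minor, length = struct.unpack("!BBBH", record[:5])
    if ctype != ALERT_CONTENT_TYPE:
        raise ValueError(f"not an alert record (content type {ctype})")
    body = record[5:]
    # An Alert is exactly two bytes; reject anything else rather than guess,
    # because a lenient receiver acts on whatever level byte it finds.
    if length != 2 or len(body) != 2:
        raise ValueError("alert fragment must be exactly 2 bytes")
    return Alert(level=body[0], description=body[1])


def decide_legacy(alert):
    """Level-driven: close_notify closes, fatal closes, other warnings are ignored."""
    if alert.description == CLOSE_NOTIFY:
        return "closure"
    if alert.level == FATAL:
        return "error"
    if alert.level == WARNING:
        # The branch the thread calls dangerous: a warning-level alert, whether
        # unrecognized_name(112) or one this stack has never heard of, is
        # dropped and the handshake simply continues.
        return "ignore"
    return "error"  # malformed level byte: fail closed


def decide_tls13(alert):
    """Description-driven: closure alerts close; everything else, including
    unknown descriptions, is an error no matter what the level byte says."""
    if alert.description in (CLOSE_NOTIFY, USER_CANCELED):
        return "closure"
    return "error"


def compare_policies(record):
    """Return (alert name, legacy decision, TLS 1.3 decision) for one record."""
    alert = parse_alert_record(record)
    return alert.name, decide_legacy(alert), decide_tls13(alert)


if __name__ == "__main__":
    samples = [
        build_alert_record(WARNING, UNRECOGNIZED_NAME),  # RFC 3546 "MAY be fatal" variant
        build_alert_record(FATAL, UNRECOGNIZED_NAME),
        build_alert_record(WARNING, 200),                # hypothetical future alert
        build_alert_record(FATAL, 40),
        build_alert_record(WARNING, CLOSE_NOTIFY),
    ]
    for rec in samples:
        name, legacy, tls13 = compare_policies(rec)
        print(f"{name:22} legacy={legacy:8} tls13={tls13}")
```

The interesting rows are the warning-level unrecognized_name and the warning-level unknown alert: the legacy rule ignores both, so a server can only rely on a warning alert changing client behaviour if every client implements the same ignore-or-close choice, while the TLS 1.3 rule turns both into errors, which is exactly the "no new warning-level alerts can ever be defined" consequence the thread is weighing.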