+1 to both Martin and ekr, I think simplifying these alerts with clearly 
defined behavior for each alert description is the best way forward.

Kyle 

-----Original Message-----
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Martin Thomson
Sent: Wednesday, October 19, 2016 10:18 PM
To: Eric Rescorla <e...@rtfm.com>
Cc: tls@ietf.org
Subject: Re: [TLS] Deprecating alert levels

On 20 October 2016 at 05:28, Eric Rescorla <e...@rtfm.com> wrote:
>> 2.  Are there cases, such as unrecognized name. where it is useful to 
>> indicate that an alert is not fatal?  If so how should this case be handled?
>
>
> I think this alert was a mistake :)

In NSS is to tolerate it, but it's an exception.  I'm happier with a lone 
exception than with atrophied and redundant alert levels continuing as they 
are.  I'd prefer to take the PR, with a minor amendment noting the hazard 
caused by unrecognized_name(112).  Clients that intend to accept TLS 1.2 and 
lower probably have to ignore warning alerts until they see that the server is 
doing TLS 1.3 or higher.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=DQICAg&c=5VD0RTtNlTh3ycd41b3MUw&r=l2j4BjkO0Lc3u4CH2z7jPw&m=1svSdxAuionbHyrUN4ThSCRLZ1pCQuLaO0qtgQ8Dk7A&s=jWxxDB9uWwT6kP_7TcZ4isUa_Z5LNWOhgMX_O1s3oaw&e=
 

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to