Issue: https://github.com/tlswg/tls13-spec/issues/242
In https://github.com/tlswg/tls13-spec/pull/231, Brian Smith argues: "Nobody must ever be *required* to send an alert. Any requirement for sending an alert should be SHOULD, at most." As Dave Garrett notes in the same thread, this is a common requirement throughout the specification and we recently have had requests to add more of these requirements. This is a global specification issue, so seems appropriate to discuss on-list. FWIW, I would note that the just approved session-hash draft contains such requirements as well: https://tools.ietf.org/html/draft-ietf-tls-session-hash-06#section-5.2 "In the following, we use the phrase "abort the handshake" as shorthand for terminating the handshake by sending a fatal "handshake_failure" alert." so it could be argued that this reflects recent WG consensus. -Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls