On Wed, Sep 16, 2015 at 12:02:57PM +0200, Florian Weimer wrote: > I'm trying to explain that any requirement to send fatal alerts will be > difficult to implement. With the BSD sockets API, the only way to do > that reliable is *not* to close the socket immediately, which is > apparently not what you (or existing APIs) expect, and which is where > the difficulty lies.
This is silly. The server sends the alert on a best-effort basis. We cannot impose a magical requirement that the alert gets there. The requirement is to send, not to guarantee successful transmission. Sending is easy, just write the alert down the socket (even that might fail and that's fine). In practice, if the the server is the first to detect an error, its alert gets to the client. There's no need to read too much into this. -- Viktor. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls