On Wednesday 16 September 2015 12:53:53 Brian Smith wrote: > Thus, the empirical evidence from Mozilla's > widely-deployed implementation shows that (a) the requirement to send > alerts is difficult to conform to, and (b) it is unimportant in > practice to send alerts.
and yet Firefox depends on them to report human-readable errors to users when it can't connect to a server... Making the alerts more predictable and with more pinned down meanings will only _help_ the opportunistic HTTPS and HTTPS-by-default campaigns. yes, we need to be careful about alerts that provide information about secret data, but there's very little of such data during handshaking, where the vast majority of alerts apply and where they are most useful -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls