On Wed, Sep 16, 2015 at 12:53:53PM -0700, Brian Smith wrote: > Further, the alerting mechanism has encouraged the unsafe practice of > "version fallback." It is clear from looking at the bug databases of > Firefox and Chrome that their attempts to make security decisions based on > what alerts they received was bad for security.
Do we think that silent connection closings wouldn't also lead to version fallback? "Let's try this. Nope, didn't work. Let's try this other thing... Nope, didn't work. ..." Fatal alerts are quite handy for diagnostics on the client side, really. I'd rather keep them than remove them, but I'd be OK with clients never sending them. I'm OK with fata alerts being SHOULD send. I'm OK with having text explaining how to send them such that peers (clients) will get a fair chance of receiving them. We shouldn't always fight the last war. I hope the browsers won't implement reconnect version fallbacks again, ever. Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls