On Thu, Sep 17, 2015 at 05:47:50PM -0400, Dave Garrett wrote: > On Thursday, September 17, 2015 03:27:10 pm Brian Smith wrote: > > (We should focus on conformant implementations because non-conformant > > implementations can do whatever they want, by definition). > > The flaw in your logic here is the fact that specifications change. > Firefox will receive a protocol_version alert from a > version-incompatible server. Both implementations could be fully > conformant to their target specifications, just different versions. > Without this alert being consistently sent, everyone gave up and > implemented a sloppy fallback mechanism which made downgrade attacks > rather simple.
Yes, exactly. Thanks. > Certificate alerts can happen pretty much anywhere and this is a > user-configurable area so it's not the implementations fault, but it > needs to know what happened for anyone to be able to handle it. User certificates will be useless without alerts for validation or authorization failures. > We could probably build a whole list here, but that's enough for me to > say that alerts matter in conformant implementations and that we need > to always expect they're used correctly. +1 Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls