On Sat, Sep 12, 2015 at 01:49:49PM -0700, Eric Rescorla wrote: > Issue: https://github.com/tlswg/tls13-spec/issues/242 > > In https://github.com/tlswg/tls13-spec/pull/231, Brian Smith argues: > > "Nobody must ever be *required* to send an alert. Any requirement for > sending an alert should be SHOULD, at most."
There have been two main lines of argument in this thread, paraphrased: a) don't send them, they are dangerous, and b) making it even just likely that fatal alerts reach the peer is hard, therefore why bother. I believe (a) is flawed and wrong. Fatal alerts are not the cause of version fallback reconnects, and they should not be a problem with any of the ciphersuites in 1.3. I believe (b) is no reason not to send the fatal alerts. It is reason to have text about how an implementation that cares can improve the likelihood of the peer receiving them. Yes, fatal alerts should be required to be sent. Servers should be encouraged to improve the chances of the alerts being received by clients by attempting to delay close the connection. (A simple timer is not enough; a hard limit on the number of pending-close connections is desirable. IMO.) Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls