+1 to both Martin and ekr, I think simplifying these alerts with clearly defined behavior for each alert description is the best way forward.
Kyle -----Original Message----- From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Martin Thomson Sent: Wednesday, October 19, 2016 10:18 PM To: Eric Rescorla <e...@rtfm.com> Cc: tls@ietf.org Subject: Re: [TLS] Deprecating alert levels On 20 October 2016 at 05:28, Eric Rescorla <e...@rtfm.com> wrote: >> 2. Are there cases, such as unrecognized name. where it is useful to >> indicate that an alert is not fatal? If so how should this case be handled? > > > I think this alert was a mistake :) In NSS is to tolerate it, but it's an exception. I'm happier with a lone exception than with atrophied and redundant alert levels continuing as they are. I'd prefer to take the PR, with a minor amendment noting the hazard caused by unrecognized_name(112). Clients that intend to accept TLS 1.2 and lower probably have to ignore warning alerts until they see that the server is doing TLS 1.3 or higher. _______________________________________________ TLS mailing list TLS@ietf.org https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=DQICAg&c=5VD0RTtNlTh3ycd41b3MUw&r=l2j4BjkO0Lc3u4CH2z7jPw&m=1svSdxAuionbHyrUN4ThSCRLZ1pCQuLaO0qtgQ8Dk7A&s=jWxxDB9uWwT6kP_7TcZ4isUa_Z5LNWOhgMX_O1s3oaw&e= _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls