Re: [TLS] Genart last call review of draft-ietf-tls-tls13-24


 



Bill Frantz <frantz@xxxxxxxxxxxxxx> writes:

>We have always avoided the long form error messages in TLS because they can
>be of great help to attackers as well as debuggers. 

That's why I said it was a debug-only capability, not an always-enabled on-by-
default capability.

>I think this objection is much weaker if we write the long form error
>messages into a log that is kept with other server logs.

That's the worst-case debugging scenario I mentioned where you need to contact
the server admin on every test run to see what went wrong.  What you've
described is the (broken) status quo that people in this thread are trying to fix.

Peter.




