Anyway, I don't mean I'm against the idea of the extended errors extensions.... Only that let's not take it lightly. It can be a good debugging tool but also a risky one.

________________________________________
From: TLS <tls-bounces@xxxxxxxx> on behalf of Ion Larranaga Azcue <ilarra@xxxxxxxxxx>
Sent: Sunday, April 1, 2018 11:55
To: Peter Gutmann; Eric Rescorla
Cc: General Area Review Team; Dale R. Worley; IETF discussion list; draft-ietf-tls-tls13.all@xxxxxxxx; <tls@xxxxxxxx>
Subject: Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]

Of course not. I mean an attacker who is specially interested in this server and knows that someone has requested a debug window on it.

________________________________________
From: Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx>
Sent: Sunday, April 1, 2018 10:14
To: Ion Larranaga Azcue; Eric Rescorla
Cc: IETF discussion list; General Area Review Team; draft-ietf-tls-tls13.all@xxxxxxxx; Dale R. Worley; <tls@xxxxxxxx>
Subject: Re: [TLS] Expanded alert codes. [Was Re: Genart last call review of draft-ietf-tls-tls13-24]

Ion Larranaga Azcue <ilarra@xxxxxxxxxx> writes:

>And for the malicious user that, knowing the server is currently in debug
>mode and returning extended errors, can more easily perform attacks on it....

If there's someone on the Internet who can scan every TLS server on the planet once a minute to see a brief debug window open up, and then perform something like a million-message-attack using a single debug message, then they're kinda wasting their abilities in attacking TLS servers...

Peter.

_______________________________________________
TLS mailing list
TLS@xxxxxxxx
https://www.ietf.org/mailman/listinfo/tls