Bill Frantz <frantz@xxxxxxxxxxxxxx> writes:

> We have always avoided the long form error messages in TLS
> because they can be of great help to attackers as well as
> debuggers. I think this objection is much weaker if we write the
> long form error messages into a log that is kept with other
> server logs.

I'd not considered textual messages. What struck me is that the draft has dozens, maybe more than 100, conditions that must be satisfied, and only a few different error codes. It strikes me that each particular rule could be assigned an error number, so an implementation could point out which of the dozens of rules was violated in a particular handshake.

Dale
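An added example, not part of the thread, of the separation the two messages argue for: every handshake rule carries its own internal number that goes only to the server log, while the peer still receives one of the existing coarse TLS alerts. The rule set, the internal rule numbers and the sample hellos are constructed for illustration; only the alert values are real registry codes.

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("tls.handshake")

# Coarse alert codes from the TLS alert registry (RFC 8446, section 6).
HANDSHAKE_FAILURE = 40
ILLEGAL_PARAMETER = 47
PROTOCOL_VERSION = 70
MISSING_EXTENSION = 109


@dataclass
class ClientHello:
    legacy_version: int
    cipher_suites: list
    extensions: set


# (internal rule number, alert the peer gets, predicate that must hold).
# Rule numbers are constructed for this example, not taken from any draft.
RULES = [
    (1001, PROTOCOL_VERSION, lambda h: h.legacy_version == 0x0303),
    (1002, HANDSHAKE_FAILURE, lambda h: len(h.cipher_suites) > 0),
    (1003, ILLEGAL_PARAMETER, lambda h: len(set(h.cipher_suites)) == len(h.cipher_suites)),
    (1004, MISSING_EXTENSION, lambda h: "supported_versions" in h.extensions),
    (1005, MISSING_EXTENSION, lambda h: {"key_share", "pre_shared_key"} & h.extensions),
]


def check(hello):
    """Return (rule number, alert) for the first rule violated, or None if all hold."""
    for rule_no, alert, holds in RULES:
        if not holds(hello):
            return rule_no, alert
    return None


def alert_for_peer(hello, conn_id):
    """Log the precise rule number server-side; hand back only the coarse alert."""
    result = check(hello)
    if result is None:
        return None
    rule_no, alert = result
    log.warning("conn=%s handshake rule %d violated, sending alert %d", conn_id, rule_no, alert)
    return alert


# Constructed sample hellos: one valid, one with a duplicated suite, one lacking key material.
GOOD_HELLO = ClientHello(0x0303, [0x1301, 0x1302], {"supported_versions", "key_share"})
DUP_SUITES = ClientHello(0x0303, [0x1301, 0x1301], {"supported_versions", "key_share"})
NO_KEYS = ClientHello(0x0303, [0x1301], {"supported_versions"})
```

The log line carries the rule number an operator needs to debug the failure, while the wire only ever shows the generic alert the draft already defines.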