Re: returning to the previous state
At 4:13 PM -0700 5/15/97, Mark Wahl wrote:
>After a TLS connection has been established over top of an existing
>protocol's TCP connection, as could be done using draft-hoffman-smtp-ssl-02,
>is the meaning of the "close_notify" alert in TLS that the sender will
>revert back to using the protocol (such as SMTP) in the state from before
>TLS was established?
That's outside of the specs. :-)
But seriously, it really is. There is nothing in the TLS spec that says
anything about the API that is used to tell the higher-level protocol (in
our case, SMTP). So, for example, when I say in the SMTP/TLS spec "you must
check whether the level of privacy you got from the TLS handshake is enough
to go on", I do not say how to check this because that is an API issue.
I've been told that, to date, all TLS implementations have an API that
would prevent a TLS close_notify alert (that's in Section 6.2.1 of the TLS
spec) from allowing the higher-level protocol to continue on, period.
After the close_notify, you can't say or hear anything without doing
another negotiation.
However, it is conceivable that some future (very bad) implementation of
TLS would not do anything after a close_notify.
--Paul E. Hoffman, Director
--Internet Mail Consortium
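The following is an added example and not part of the message above or of
any draft it mentions. It models the two things the reply leaves to the API:
the post-handshake check that the negotiated privacy level is good enough,
and what the higher-level protocol (SMTP here) may do once a TLS close_notify
alert has been seen. The class and function names, the 128-bit policy
threshold and the sample TLS records are assumptions made for the example;
the alert and record-type values are the ones from the TLS specification.

```python
"""Added example, not from the original message: an SMTP session upgraded
to TLS (STARTTLS-style) that refuses to continue once close_notify arrives.
Names, the 128-bit threshold and the sample records are assumptions."""

import struct

# TLS record-layer constants (values from the TLS specification).
CONTENT_TYPE_ALERT = 21
CONTENT_TYPE_APPLICATION_DATA = 23
ALERT_LEVEL_WARNING = 1
ALERT_LEVEL_FATAL = 2
ALERT_CLOSE_NOTIFY = 0

MIN_SECRET_BITS = 128  # assumed local policy; the spec fixes no number


def parse_tls_record(data: bytes):
    """Split one TLS record into (content_type, (major, minor), fragment).
    Raises ValueError if truncated. After the handshake the fragment is
    encrypted on the wire; this models what the TLS layer sees after
    decryption, which is where close_notify is actually recognised."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    fragment = data[5:5 + length]
    if len(fragment) != length:
        raise ValueError("truncated TLS record fragment")
    return ctype, (major, minor), fragment


def is_close_notify(record: bytes) -> bool:
    """True if the record is an Alert whose description is close_notify(0)."""
    ctype, _version, fragment = parse_tls_record(record)
    if ctype != CONTENT_TYPE_ALERT or len(fragment) != 2:
        return False
    level, description = fragment
    return (description == ALERT_CLOSE_NOTIFY
            and level in (ALERT_LEVEL_WARNING, ALERT_LEVEL_FATAL))


def privacy_sufficient(cipher, min_bits: int = MIN_SECRET_BITS) -> bool:
    """The post-handshake check the reply says is the API's job. `cipher`
    is a (name, protocol, secret_bits) triple, the shape Python's
    ssl.SSLSocket.cipher() returns. NULL and export suites fail, as does
    anything below the assumed local minimum."""
    name, _protocol, secret_bits = cipher
    if "NULL" in name or name.startswith("EXP"):
        return False
    return secret_bits >= min_bits


class SmtpTlsSession:
    """States: PLAIN (before STARTTLS), TLS (after an acceptable handshake),
    CLOSED (after close_notify or a rejected handshake)."""

    def __init__(self):
        self.state = "PLAIN"
        self.cipher = None
        self.sent = []  # (state, command) pairs, kept for inspection

    def command(self, line: str) -> str:
        """Send an SMTP command on whatever channel is currently up."""
        if self.state == "CLOSED":
            # The TLS layer is finished: nothing can be said or heard
            # until a new connection and a new handshake exist.
            raise ConnectionError("close_notify seen; session is over")
        self.sent.append((self.state, line))
        return "250 OK"

    def starttls(self, negotiated_cipher) -> str:
        """Upgrade the channel given the handshake's result; a weak result
        ends the session rather than continuing on it."""
        if self.state != "PLAIN":
            raise RuntimeError("STARTTLS is only valid on the plaintext channel")
        if not privacy_sufficient(negotiated_cipher):
            self.state = "CLOSED"
            return "QUIT"
        self.state = "TLS"
        self.cipher = negotiated_cipher
        return "220 Ready"

    def on_tls_record(self, record: bytes) -> None:
        """Feed a (decrypted) TLS record received from the peer."""
        if self.state == "TLS" and is_close_notify(record):
            self.state = "CLOSED"


def demo():
    """Run the exchange; returns (tls_stayed_up_for_app_data, fallback_refused)."""
    # Constructed records: a warning-level close_notify alert and one
    # application-data record, both carrying a TLS 1.0 version field.
    close_notify = bytes([21, 3, 1, 0, 2, 1, 0])
    app_data = bytes([23, 3, 1, 0, 3]) + b"abc"

    s = SmtpTlsSession()
    s.command("EHLO client.example")
    s.starttls(("AES128-SHA", "TLSv1", 128))
    s.command("EHLO client.example")  # SMTP state restarts after TLS is up
    s.on_tls_record(app_data)         # ordinary data: session stays up
    still_up = s.state == "TLS"
    s.on_tls_record(close_notify)     # peer has finished with TLS
    try:
        s.command("MAIL FROM:<a@example>")
        fallback_refused = False      # the "very bad implementation" case
    except ConnectionError:
        fallback_refused = True
    return still_up, fallback_refused


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The point of the model is the CLOSED state: the session object does not hand
the caller back a plaintext channel after close_notify, so a protocol
implementation built on it cannot drift back to unencrypted SMTP by accident.
A real TLS API that does return the raw socket after close_notify would need
this refusal enforced in the SMTP layer instead.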