[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: returning to the previous state
At 4:13 PM -0700 5/15/97, Mark Wahl wrote:
>After a TLS connection has been established over top of an existing protocol's
>TCP connection, as could be done using draft-hoffman-smtp-ssl-02, is the
>meaning of the "close_notify" alert in TLS that the sender will revert
>using the protocol (such as SMTP) in the state from before TLS was
That's outside of the specs. :-)
But seriously, it really is. There is nothing in the TLS spec that says
anything about the API that is used to tell the higher-level protocol (in
our case, SMTP). So, for example, when I say in the SMTP/TLS spec "you must
check whether the level of privacy you got from the TLS handshake is enough
to go on", I do not say how to check this because that is an API issue.
I've been told that, to date, all TLS implementations have an API that
would prevent a TLS close_notify alert (that's in Section 6.2.1 of the TLS
spec) from allowing the higher-level protocol from continuing on, period.
After the close_notify, you can't say or hear anything without doing
However, it is conceivable that some future (very bad) implementation of
TLS would not do anything after a close_notify.
--Paul E. Hoffman, Director
--Internet Mail Consortium