[TLS] Need for S->C signaling

To: "tls at ietf.org" <tls at ietf.org>
Subject: [TLS] Need for S->C signaling
From: Stefan Santesson <stefan at aaa-sec.com>
Date: Thu, 19 Nov 2009 09:45:41 +0100
Delivered-to: tls at core3.amsl.com
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Thread-index: Acpo9KyRPgf2+uHuMUmsQXxOU+h1aA==
Thread-topic: Need for S->C signaling
User-agent: Microsoft-Entourage/12.23.0.091001

Title: Need for S->C signaling

Just a question to make sure we have accurately exhausted this aspect.

Is it really necessary for the Server to signal that is is patched other than using a modified finished calculation if it is patched/upgraded.

One scenario could be:

1) Client use the magic cipher suite to signal that it is patched/upgraded.
2) Client sends a normal finished message.
3a) Un-patched server replies with normal finished message.
3b) Patched server replies with upgraded finished message.

This way the client could determine whether the server is patched or not and act accordingly and get the security context of renegotiate from the patched server.

There are probably reasons why this is not a good idea. I’m just not really sure what they are.

/Stefan

Follow-Ups:
- Re: [TLS] Need for S->C signaling
  - From: Dr Stephen Henson
- Re: [TLS] Need for S->C signaling
  - From: Nasko Oskov
- Re: [TLS] Need for S->C signaling
  - From: Yoav Nir

Prev by Date: Re: [TLS] Proposal for hybrid solution using most of the ideas
Next by Date: Re: [TLS] Proposal for hybrid solution using most of the ideas
Previous by thread: [TLS] Proposal for hybrid solution using most of the ideas
Next by thread: Re: [TLS] Need for S->C signaling
Index(es):
- Date
- Thread

[TLS] Need for S->C signaling

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.