On Nov 19, 2009, at 10:45 AM, Stefan Santesson wrote:
> Just a question to make sure we have accurately exhausted this aspect.
> Is it really necessary for the Server to signal that it is patched other than using a modified finished calculation if it is patched/upgraded.
> One scenario could be:
> 1) Client uses the magic cipher suite to signal that it is patched/upgraded.
> 2) Client sends a normal finished message.
> 3a) Un-patched server replies with normal finished message.
> 3b) Patched server replies with upgraded finished message.
> This way the client could determine whether the server is patched or not and act accordingly and get the security context of renegotiate from the patched server.
> There are probably reasons why this is not a good idea. I’m just not really sure what they are.
Not a "good" reason, but vulnerability scanners want to fingerprint which servers are patched and which are not patched.
Signaling in ServerHello allows them to do it immediately, while having to determine this by the Finished message is harder.
A slightly better reason is that the logic the client has to implement is slightly more complex, and you lose one bit of security (two right answers). This is not too bad IMO.
Anyway, I like this proposal just fine.
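To make the "two right answers" point concrete, here is a toy model of the scheme under discussion, written as an added illustration for this thread; it is not code from either poster and not the real TLS PRF or the actual renegotiation-indication construction. It assumes a made-up Finished computation (HMAC-SHA256 over a constructed transcript, truncated to 12 bytes) and a hypothetical upgrade label that the patched server mixes in. The client computes both candidate Finished values and accepts either, which is exactly the extra client logic and the one-bit loss the reply describes.

```python
import hashlib
import hmac
import math

# Hypothetical label mixed into the "upgraded" Finished; assumed for the toy
# model only, not the label any real TLS extension uses.
UPGRADE_LABEL = b"renegotiation_info"


def finished(master_secret: bytes, transcript: bytes, upgraded: bool) -> bytes:
    """Toy Finished: HMAC-SHA256 over the handshake transcript, truncated to
    12 bytes. The upgraded variant appends an extra label so a patched
    server's answer differs from an unpatched server's answer."""
    data = transcript + (UPGRADE_LABEL if upgraded else b"")
    return hmac.new(master_secret, data, hashlib.sha256).digest()[:12]


def server_finished(master_secret: bytes, transcript: bytes, server_patched: bool) -> bytes:
    """Step 3a/3b of the proposal: an unpatched server sends the normal
    Finished, a patched server sends the upgraded one."""
    return finished(master_secret, transcript, upgraded=server_patched)


def client_classify(master_secret: bytes, transcript: bytes, received: bytes) -> str:
    """Client-side logic the proposal requires: two right answers.
    Returns 'patched', 'unpatched' or 'invalid'. Both candidates are always
    computed and compared in constant time so that timing does not reveal
    which one was tried first."""
    normal = finished(master_secret, transcript, upgraded=False)
    upgraded = finished(master_secret, transcript, upgraded=True)
    is_upgraded = hmac.compare_digest(received, upgraded)
    is_normal = hmac.compare_digest(received, normal)
    if is_upgraded:
        return "patched"
    if is_normal:
        return "unpatched"
    return "invalid"


def forgery_margin_bits(verify_data_len_bytes: int, accepted_answers: int) -> float:
    """Work factor, in bits, for guessing a Finished value the client will
    accept. Accepting two answers instead of one costs exactly one bit,
    which is the trade-off the reply calls 'not too bad'."""
    return 8 * verify_data_len_bytes - math.log2(accepted_answers)


# Constructed sample values: not a real master secret or a real handshake.
SAMPLE_SECRET = b"\x01" * 48
SAMPLE_TRANSCRIPT = b"ClientHello|ServerHello|Certificate|ServerHelloDone|ClientKeyExchange"


def demo() -> dict:
    """Run the exchange against a patched and an unpatched server and report
    what the client concludes in each case."""
    results = {}
    for patched in (True, False):
        fin = server_finished(SAMPLE_SECRET, SAMPLE_TRANSCRIPT, patched)
        results[patched] = client_classify(SAMPLE_SECRET, SAMPLE_TRANSCRIPT, fin)
    return results


if __name__ == "__main__":
    print(demo())
    print("margin, one answer:", forgery_margin_bits(12, 1))
    print("margin, two answers:", forgery_margin_bits(12, 2))
```

The model also shows the reply's other point: nothing in the server's first flight tells the client which case it is in; the decision is only possible once the Finished message arrives and both candidates have been computed.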