New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
validating Version Information on compatible negotiation #72
Comments
Can you elaborate? What validation should the client do if it hasn't reacted to a VN packet? |
I think that Chosen Version MUST be the same as the version in the Initial packet from the server. |
That doesn't quite work - sometimes you might use some packets of the original version (see #25 and #67). The security property we want is to ensure that after the handshake, the server's "Chosen Version" is the one used by the connection. That property is guaranteed by this text from the end of Section 6:
|
@DavidSchinazi So, why does a server have to send back Version Information (which is not validated at all) for compatible negotiation? |
This exists to prevent an attacker from modifying the version: since the authenticity of version information is protected during the handshake, it guarantees that, once the handshake is complete, the client is using the version that the server chose. |
Do you mean that a client should check if Chosen Version is the same as using version when handshake is complete? |
Yes, that's one way of implementing this |
I'm reading editor's draft.
It says that both peers MUST parse Version Information. This is good.
However, a client MUST validate Version Information only on incompatible version negotiation ("acted on a Version Negotiation packet"). I think the same validation should be done on compatible version negotiation.
The text was updated successfully, but these errors were encountered: