Versioning

By design MSL messages are not explicitly versioned. Successful communication between entities depends upon foreknowledge that each entity can successfully authenticate, verify the integrity of, and decrypt the ciphertext of any messages generated by the other entity.

The ciphertext and signature envelopes are individually and independently versioned. Entity authentication, user authentication, and key exchange schemes are not versioned but should instead be replaced if discovered to be insecure. A receiving entity must only accept envelope versions and schemes that it considers secure.

An entity will communicate its support for specific features and cryptographic algorithms by including those in messages it creates.

If a flaw is discovered that would lead to the compromise of cryptographic keys, new keys must be used after the flaw is fixed. If a flaw is discovered in the messaging protocol or encoding, updated entities must reject messages that exhibit the flaw. An appropriate error response may be returned, along with optional localized text informing the user that a software upgrade is required.