No subject
Fri Aug 3 19:33:07 CDT 2007
scenarios the client is not authenticated to the server by TLS - after
all, that's why you are doing SASL. So the server wants to be sure that it
is talking directly to the client that it is authenticating, so it uses
channel binding to force the authentication to fail if the client is
bogus. The key is that you can't be sure that you have proper *mutual*
authentication if the privacy layer isn't bound to the authentication
layer.
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
FAIR ISLE: NORTHWESTERLY BACKING SOUTHEASTERLY 5 TO 7, PERHAPS GALE 8 LATER.
MODERATE OR ROUGH, OCCASIONALLY VERY ROUGH LATER. SHOWERS THEN RAIN. MODERATE
OR GOOD.
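A minimal model of the point made in the message above, as an added example that is not part of the original post: the client's proof is computed over the binding data of the TLS session it is actually on, so a proof forwarded over a different TLS session fails at the server. This is a simplified challenge-response, not a real SASL mechanism; all function names, the sample password and the way the binding value is derived are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def channel_binding(session_secret: bytes) -> bytes:
    """Stand-in for TLS channel-binding data: a value both ends of ONE TLS
    session can derive, and which differs between sessions (assumption)."""
    return hashlib.sha256(b"cb:" + session_secret).digest()

def client_proof(password: bytes, nonce: bytes, cb: bytes) -> bytes:
    """Client side: prove knowledge of the password, mixed with the binding
    of the TLS channel the client is actually on (b"" means no binding)."""
    return hmac.new(password, nonce + cb, hashlib.sha256).digest()

def server_verify(password: bytes, nonce: bytes, cb: bytes, proof: bytes) -> bool:
    """Server side: recompute the proof with the binding of ITS OWN channel."""
    expected = hmac.new(password, nonce + cb, hashlib.sha256).digest()
    return hmac.compare_digest(expected, proof)

def authenticate(relayed: bool, bind: bool) -> bool:
    """Run one exchange. relayed=True models a bogus intermediary that
    terminates the client's TLS session and opens its own session to the
    server, forwarding the authentication messages unchanged."""
    password = b"constructed-sample-password"  # constructed sample value
    nonce = os.urandom(16)                      # server challenge
    client_tls = os.urandom(32)                 # session the client sees
    server_tls = os.urandom(32) if relayed else client_tls
    cb_client = channel_binding(client_tls) if bind else b""
    cb_server = channel_binding(server_tls) if bind else b""
    proof = client_proof(password, nonce, cb_client)
    return server_verify(password, nonce, cb_server, proof)

if __name__ == "__main__":
    for relayed in (False, True):
        for bind in (False, True):
            ok = authenticate(relayed, bind)
            print(f"relayed={relayed} bind={bind} -> authenticated={ok}")
```

Without binding, the relayed exchange authenticates exactly like the direct one, so the server cannot tell the two apart; with binding, only the direct connection succeeds.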
More information about the Standards
mailing list