On Mon, 10 Dec 2007, Justin Karneges wrote: > > I don't understand this talk about the SASL negotiation being attacked by a > MITM when it is taking place over TLS. There is brief mention of Bob > possibly not having a certificate or Alice not trusting Bob's CA. Does this > mean the channel binding problem only affects anonymous/unauthenticated TLS?