[Standards] IETF SASL WG meeting
Alexey Melnikov
alexey.melnikov at isode.com
Tue Dec 11 11:56:53 CST 2007
Greg Hudson wrote:
>On Mon, 2007-12-10 at 10:20 -0800, Justin Karneges wrote:
>
>>I don't understand this talk about the SASL negotiation being attacked by a
>>MITM when it is taking place over TLS. There is brief mention of Bob
>>possibly not having a certificate or Alice not trusting Bob's CA. Does this
>>mean the channel binding problem only affects anonymous/unauthenticated TLS?
>>
>It strengthens your security properties in cases where you trust your
>SASL authentication mechanism more than you trust the TLS authentication
>mechanism.
>
I would rephrase this to say: if authentication of the client to the
server happens in a different layer from authentication of the server to
the client, then channel bindings are needed.
>If you trust TLS to authenticate the server to the client, then I
>believe you can do client-to-server authentication without any form of
>channel binding and you're fine.
>
Yes, mutual authentication at the TLS layer + SASL EXTERNAL doesn't need any
channel bindings.
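The following is an added illustration of the case the thread is describing (client authenticated by SASL, server authentication by TLS not relied upon); it is not code from the thread or from any SASL implementation. It models a SCRAM-style exchange with the RFC 5802 proof structure, simplified to fixed nonces and a single salt, and uses constructed random bytes where a real connection would supply the RFC 5929 "tls-unique" value. The password, user name and nonce strings are likewise constructed. An attacker whose certificate the client accepted terminates the client's TLS, opens its own TLS connection to the server and relays the SASL messages; without channel binding the server accepts, with tls-unique binding it does not, even if the attacker rewrites the c= attribute.

```python
import base64
import hashlib
import hmac
import os

# Added example, not from the thread: a minimal SCRAM-style exchange showing
# why binding the SASL exchange to the TLS channel (the "-PLUS" variants with
# the tls-unique binding type) defeats a TLS-terminating relay attacker.
# All constants below are constructed for the example.

SALT = b"constructed-salt"
ITERATIONS = 4096
CLIENT_NONCE = b"clientnonce"
SERVER_NONCE = b"servernonce"


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hmac_sha256(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbind_attr(tls_unique: bytes, use_cb: bool) -> bytes:
    """The SCRAM 'c=' attribute: base64(gs2-header || cbind-data)."""
    if use_cb:
        return b"c=" + base64.b64encode(b"p=tls-unique,," + tls_unique)
    return b"c=" + base64.b64encode(b"n,,")


class Server:
    def __init__(self, password: bytes, tls_unique: bytes):
        salted = hashlib.pbkdf2_hmac("sha256", password, SALT, ITERATIONS)
        self.stored_key = h(hmac_sha256(salted, b"Client Key"))
        self.tls_unique = tls_unique  # taken from the server's OWN TLS connection

    def verify(self, client_first_bare, server_first, client_final_no_proof, proof, use_cb):
        # 1. The c= attribute must match the binding of this TLS connection.
        if not client_final_no_proof.startswith(cbind_attr(self.tls_unique, use_cb) + b","):
            return False
        # 2. The proof must verify over AuthMessage, which covers that c= attribute.
        auth_message = b",".join([client_first_bare, server_first, client_final_no_proof])
        client_key = xor(proof, hmac_sha256(self.stored_key, auth_message))
        return hmac.compare_digest(h(client_key), self.stored_key)


def client_final(password, client_first_bare, server_first, tls_unique, use_cb):
    """Client-final-message, split into the part without the proof and the proof."""
    salted = hashlib.pbkdf2_hmac("sha256", password, SALT, ITERATIONS)
    client_key = hmac_sha256(salted, b"Client Key")
    no_proof = cbind_attr(tls_unique, use_cb) + b",r=" + CLIENT_NONCE + SERVER_NONCE
    auth_message = b",".join([client_first_bare, server_first, no_proof])
    proof = xor(client_key, hmac_sha256(h(client_key), auth_message))
    return no_proof, proof


def run_exchange(use_cb: bool, mitm: bool, rewrite_c: bool = False) -> bool:
    """Return True if the server accepts the client's SASL authentication.

    mitm=True models an attacker whose certificate the client accepted: it
    terminates the client's TLS and opens its own TLS to the server, so the two
    connections carry different tls-unique values, and relays SASL verbatim.
    rewrite_c=True additionally lets the attacker substitute its own c= attribute.
    """
    password = b"correct horse battery staple"
    client_side = os.urandom(12)                           # client <-> (attacker or server)
    server_side = os.urandom(12) if mitm else client_side  # (attacker or client) <-> server
    server = Server(password, server_side)
    client_first_bare = b"n=alice,r=" + CLIENT_NONCE
    server_first = (b"r=" + CLIENT_NONCE + SERVER_NONCE
                    + b",s=" + base64.b64encode(SALT) + b",i=4096")
    no_proof, proof = client_final(password, client_first_bare, server_first, client_side, use_cb)
    if mitm and rewrite_c:
        # Attacker patches c= to the value its own connection to the server carries.
        no_proof = cbind_attr(server_side, use_cb) + no_proof[len(cbind_attr(client_side, use_cb)):]
    return server.verify(client_first_bare, server_first, no_proof, proof, use_cb)


if __name__ == "__main__":
    print("honest, no binding:   ", run_exchange(use_cb=False, mitm=False))
    print("relayed, no binding:  ", run_exchange(use_cb=False, mitm=True))
    print("relayed, tls-unique:  ", run_exchange(use_cb=True, mitm=True))
    print("relayed, c= rewritten:", run_exchange(use_cb=True, mitm=True, rewrite_c=True))
```

The point of the rewrite_c case is that the server does not merely compare the c= attribute it receives; that attribute is part of AuthMessage, so a substituted value breaks the client's proof. The binding is only useful because the client derives it from the TLS connection it actually has, which in the relayed case is the attacker's.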