[Standards] IETF SASL WG meeting

Peter Saint-Andre stpeter at stpeter.im
Tue Dec 11 12:01:13 CST 2007


Alexey Melnikov wrote:
> Greg Hudson wrote:
> 
>> On Mon, 2007-12-10 at 10:20 -0800, Justin Karneges wrote:
>>
>>> I don't understand this talk about the SASL negotiation being
>>> attacked by a MITM when it is taking place over TLS.  There is brief
>>> mention of Bob possibly not having a certificate or Alice not
>>> trusting Bob's CA.  Does this mean the channel binding problem only
>>> affects anonymous/unauthenticated TLS?
>>>   
>> It strengthens your security properties in cases where you trust your
>> SASL authentication mechanism more than you trust the TLS authentication
>> mechanism.
>>
> I would rephrase this to say: if authentication of the client to the
> server happens in a different layer from authentication of the server to
> the client, then channel bindings are needed.
> 
>> If you trust TLS to authenticate the server to the client, then I
>> believe you can do client-to-server authentication without any form of
>> channel binding and you're fine.
>>
> Yes, mutual authentication at TLS layer + SASL EXTERNAL don't need any
> channel bindings.

This is an interesting discussion, but I'm wondering what changes we
need to make (if any) in rfc3920bis to handle this.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
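The point Alexey and Greg make above (client authenticated by SASL, server authenticated, or not, by TLS, so the two layers must be tied together) can be shown with a small simulation. The following is an added example, not code from the thread, from the XMPP WG or from any real SASL mechanism: it uses a simplified HMAC challenge/response over (client nonce, server nonce, channel-binding data), not SCRAM, and the "certificates" are constructed byte strings rather than DER. The tls-server-end-point binding is taken as SHA-256 of the server certificate, which is an assumption made here for brevity (RFC 5929 derives the hash from the certificate's signature algorithm). The scenario is the one Justin asks about: the client's TLS session terminates at a man-in-the-middle whose certificate it does not reject (no CA trust, or anonymous TLS), and the attacker relays the SASL messages verbatim to the real server.

```python
import hashlib
import hmac
import secrets

# Constructed credentials shared by client and server (assumption for the example).
PASSWORD = "correct horse"
SALT = b"constructed-salt"


def tls_server_end_point(cert_der: bytes) -> bytes:
    """Channel-binding data derived from the server certificate the client's
    TLS session actually terminated at. SHA-256 is assumed here."""
    return hashlib.sha256(cert_der).digest()


def derive_key(password: str, salt: bytes) -> bytes:
    """Password-derived key; PBKDF2 with a small iteration count for the demo."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 4096)


def proof(key: bytes, cnonce: bytes, snonce: bytes, cb_data: bytes) -> bytes:
    """Client proof: HMAC over both nonces and the channel-binding data.
    With cb_data == b"" this degenerates to an unbound challenge/response."""
    return hmac.new(key, b"|".join([cnonce, snonce, cb_data]), hashlib.sha256).digest()


class Server:
    def __init__(self, cert: bytes):
        self.cert = cert
        self.key = derive_key(PASSWORD, SALT)
        self.snonce = b""

    def challenge(self) -> bytes:
        self.snonce = secrets.token_bytes(16)
        return self.snonce

    def verify(self, cnonce: bytes, client_proof: bytes, use_cb: bool) -> bool:
        # The server binds to ITS OWN TLS endpoint, i.e. its own certificate.
        cb = tls_server_end_point(self.cert) if use_cb else b""
        expected = proof(self.key, cnonce, self.snonce, cb)
        return hmac.compare_digest(expected, client_proof)


def run_exchange(mitm: bool, use_cb: bool) -> bool:
    """Return True if the real server accepts the client's SASL proof."""
    server = Server(cert=b"constructed DER of the real server certificate")
    # Whose certificate the client's TLS session really ends at. The client does
    # not (or cannot) validate the chain, so the attacker's cert is accepted.
    peer_cert = b"constructed DER of the attacker's certificate" if mitm else server.cert

    snonce = server.challenge()          # relayed verbatim by the MITM
    cnonce = secrets.token_bytes(16)
    cb = tls_server_end_point(peer_cert) if use_cb else b""
    client_proof = proof(derive_key(PASSWORD, SALT), cnonce, snonce, cb)

    # The MITM forwards cnonce and proof unchanged to the real server. It cannot
    # recompute the proof because it does not hold the password-derived key.
    return server.verify(cnonce, client_proof, use_cb)


if __name__ == "__main__":
    print("direct, bound      :", run_exchange(mitm=False, use_cb=True))
    print("MITM,   unbound    :", run_exchange(mitm=True, use_cb=False))
    print("MITM,   bound      :", run_exchange(mitm=True, use_cb=True))
```

Without channel binding the relayed proof verifies and the attacker now holds an authenticated session to the real server, even though the client never proved anything about the server. With channel binding the client's proof covers the attacker's certificate while the server checks against its own, so verification fails. Mutual TLS authentication plus EXTERNAL, as Alexey notes, needs none of this because both directions are decided in the same layer.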
