[Standards] IETF SASL WG meeting
Justin Karneges
justin-keyword-jabber.093179 at affinix.com
Tue Dec 11 16:03:17 CST 2007
On Tuesday 11 December 2007 9:15 am, Greg Hudson wrote:
> On Mon, 2007-12-10 at 10:20 -0800, Justin Karneges wrote:
> > I don't understand this talk about the SASL negotiation being attacked by
> > a MITM when it is taking place over TLS. There is brief mention of Bob
> > possibly not having a certificate or Alice not trusting Bob's CA. Does
> > this mean the channel binding problem only affects
> > anonymous/unauthenticated TLS?
>
> It strengthens your security properties in cases where you trust your
> SASL authentication mechanism more than you trust the TLS authentication
> mechanism.
In that case, is it even relevant that TLS is used? If you trust SASL more
than your underlying transport layer, then you negotiate your SASL security
layer and be done with it.
Is the idea that you should be able to bind to an underlying privacy layer if
it is stronger than what SASL can provide?
> If you trust TLS to authenticate the server to the client, then I
> believe you can do client-to-server authentication without any form of
> channel binding and you're fine.
This makes sense to me.
-Justin