Another use case of tls-server-end-point is for cases where you are unable to support
tls-exporter, i.e. in some languages the TLS/SSL stack doesn't expose the data required for
tls-exporter. In those cases it is better to have tls-server-end-point for channel binding
instead of not having anything available.
Message written by Holger Weiß
<holger(a)zedat.fu-berlin.de> on 11.01.2024, at 13:39:
* Simon Josefsson <simon(a)josefsson.org> [2024-01-11 13:10]:
I believe tls-server-end-point is generally best left unimplemented to
guide efforts towards supporting the stronger tls-exporter.
One use case I see for tls-server-end-point is that it allows for supporting channel
binding by setups where TLS is terminated by some reverse proxy, thereby protecting
against _some_ but not all attack vectors that tls-exporter protects against.
Holger
Regards,
Andrzej Wójcik
XMPP: andrzej.wojcik(a)tigase.org
Email: andrzej.wojcik(a)tigase.net