[Security] channel bindings

Justin Karneges justin at affinix.com
Tue Feb 10 20:49:44 CST 2009


On Tuesday 10 February 2009 14:52:05 Kurt Zeilenga wrote:
> While the DIGEST-MD5 provides for a (limited) form of mutual
> authentication, DIGEST-MD5 offers no assurance to either the client or
> the party that the end points of the DIGEST-MD5 exchange are the same
> as the end-points of the TLS exchange.

You mean if you don't verify the TLS certificate?

-Justin


More information about the Security mailing list