[Security] channel bindings

Kurt Zeilenga Kurt.Zeilenga at Isode.com
Tue Feb 10 21:59:05 CST 2009


On Feb 10, 2009, at 6:49 PM, Justin Karneges wrote:

> On Tuesday 10 February 2009 14:52:05 Kurt Zeilenga wrote:
>> While the DIGEST-MD5 provides for a (limited) form of mutual
>> authentication, DIGEST-MD5 offers no assurance to either the client  
>> or
>> the party that the end points of the DIGEST-MD5 exchange are the same
>> as the end-points of the TLS exchange.
>
> You mean if you don't verify the TLS certificate?

I notice you said "the TLS certificate".  In the above scenario, there  
would generally only the server would assert a certificate so I assume  
you refer to the server's TLS certificate.

If the server asserts a certificate, and the client verifies it, this  
certainly doesn't help the server confirm that the established TLS  
channel is to the same end point that doing SASL authentication with.   
And certainly it would be unwise for the server to assume the user/ 
client properly verified the server's certificate.

With channel binding in a mechanism such as SASL/SCRAM, both the  
client and server are assured that the SCRAM endpoints are the same as  
the TLS endpoints without worry about whether the other verified any  
certificates.

-- Kurt




More information about the Security mailing list