[Security] channel bindings
Kurt.Zeilenga at Isode.com
Tue Feb 10 21:59:05 CST 2009
On Feb 10, 2009, at 6:49 PM, Justin Karneges wrote:
> On Tuesday 10 February 2009 14:52:05 Kurt Zeilenga wrote:
>> While the DIGEST-MD5 provides for a (limited) form of mutual
>> authentication, DIGEST-MD5 offers no assurance to either the client
>> the party that the end points of the DIGEST-MD5 exchange are the same
>> as the end-points of the TLS exchange.
> You mean if you don't verify the TLS certificate?
I notice you said "the TLS certificate". In the above scenario, there
would generally only the server would assert a certificate so I assume
you refer to the server's TLS certificate.
If the server asserts a certificate, and the client verifies it, this
certainly doesn't help the server confirm that the established TLS
channel is to the same end point that doing SASL authentication with.
And certainly it would be unwise for the server to assume the user/
client properly verified the server's certificate.
With channel binding in a mechanism such as SASL/SCRAM, both the
client and server are assured that the SCRAM endpoints are the same as
the TLS endpoints without worry about whether the other verified any
More information about the Security