[Security] channel bindings

Dirk Meyer dmeyer at tzi.de
Wed Feb 11 06:35:14 CST 2009

Winfried Tilanus wrote:
> Can somebody please be a bit more specific on what avenues of attack are
> closed by knowing that the SCRAM and the TLS end-points are the same. My
> common-sense says that at best you might know they are both connected to
> the same MITM.

No. SCRAM uses parts of the TLS communication with the password. If
there is a MITM, the peers have a different key for the channel binding
and it will fail. And the MITM does not have the password, so the SCRAM
stuff is end-to-end.



I have always wished for my computer to be as easy to use as my telephone;
my wish has come true because I can no longer figure out how to use my
telephone. -- Bjarne Stroustrup
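The mechanism Dirk describes, as an added illustration that is not part of this thread and not the code of any SCRAM implementation: a hypothetical, stripped-down SCRAM-SHA-256-PLUS exchange in the RFC 5802 / RFC 7677 message shape, where each peer feeds its own view of the TLS channel (here a stand-in for the tls-unique value) into the c= attribute. When a MITM terminates TLS on both sides the two views differ, so the server's check on c= fails; because the proof also covers c=, a relay that patches c= to the server's value still fails; and a relay without the password cannot produce a valid proof at all. Salt, nonces, and the "tls-A"/"tls-B" channel values are constructed.

```python
import base64
import hashlib
import hmac
import os

# Hypothetical minimal SCRAM-SHA-256-PLUS exchange (RFC 5802 / RFC 7677 message
# shapes) showing why a TLS-terminating MITM makes the handshake fail.
GS2_HEADER = b"p=tls-unique,,"   # client: "I support and use channel binding"
ITERATIONS = 4096                # constructed; real deployments choose their own

def _attr(message: bytes, name: bytes) -> bytes:
    """Return the value of attribute `name` (e.g. b"r") from a SCRAM message."""
    for part in message.split(b","):
        if part.startswith(name + b"="):
            return part[2:]
    raise ValueError(f"attribute {name!r} missing")

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _keys(password: bytes, salt: bytes):
    """SaltedPassword -> ClientKey, StoredKey (the server keeps only StoredKey)."""
    salted = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    return client_key, hashlib.sha256(client_key).digest()

def client_final(password, client_first_bare, server_first, cbind_client):
    """Client side: build client-final-message bound to the client's own TLS channel."""
    client_key, stored_key = _keys(password, base64.b64decode(_attr(server_first, b"s")))
    without_proof = (b"c=" + base64.b64encode(GS2_HEADER + cbind_client)
                     + b",r=" + _attr(server_first, b"r"))
    auth_message = b",".join([client_first_bare, server_first, without_proof])
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return without_proof + b",p=" + base64.b64encode(_xor(client_key, client_sig))

def server_verify(stored_key, client_first_bare, server_first, final_msg, cbind_server):
    """Server side: never sees the password, only StoredKey and its own channel value."""
    without_proof, proof_b64 = final_msg.rsplit(b",p=", 1)
    # 1. c= must equal the server's own view of the TLS channel
    if base64.b64decode(_attr(without_proof, b"c")) != GS2_HEADER + cbind_server:
        return False, "channel binding mismatch"
    # 2. the proof must verify; AuthMessage covers c=, so c= cannot be altered in flight
    auth_message = b",".join([client_first_bare, server_first, without_proof])
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    client_key = _xor(base64.b64decode(proof_b64), client_sig)
    if not hmac.compare_digest(hashlib.sha256(client_key).digest(), stored_key):
        return False, "bad proof"
    return True, "ok"

def run_exchange(client_password, enrolled_password, cbind_client, cbind_server,
                 rewrite_c=False):
    """Drive one exchange. cbind_* are the channel values each peer sees; they
    differ when a MITM terminates TLS on both sides. rewrite_c models a relay
    that patches c= to the server's value without knowing the password."""
    salt = b"constructed-salt"
    _, stored_key = _keys(enrolled_password, salt)       # stored at enrollment
    client_first_bare = b"n=user,r=" + base64.b64encode(os.urandom(12))
    server_first = (b"r=" + _attr(client_first_bare, b"r") + base64.b64encode(os.urandom(12))
                    + b",s=" + base64.b64encode(salt) + b",i=" + str(ITERATIONS).encode())
    final_msg = client_final(client_password, client_first_bare, server_first, cbind_client)
    if rewrite_c:
        without_proof, proof_b64 = final_msg.rsplit(b",p=", 1)
        patched = (b"c=" + base64.b64encode(GS2_HEADER + cbind_server)
                   + b",r=" + _attr(without_proof, b"r"))
        final_msg = patched + b",p=" + proof_b64
    return server_verify(stored_key, client_first_bare, server_first, final_msg, cbind_server)

if __name__ == "__main__":
    print("direct TLS:        ", run_exchange(b"pw", b"pw", b"tls-A", b"tls-A"))
    print("MITM, two channels:", run_exchange(b"pw", b"pw", b"tls-A", b"tls-B"))
    print("MITM patches c=:   ", run_exchange(b"pw", b"pw", b"tls-A", b"tls-B", rewrite_c=True))
    print("no password:       ", run_exchange(b"guess", b"pw", b"tls-B", b"tls-B"))
```

The two server-side checks are the whole point of the "-PLUS" variants: the first catches the mismatched channels directly, and the second makes the c= attribute tamper-evident because it is part of the AuthMessage under the password-derived key.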
