[Security] channel bindings

Dirk Meyer dmeyer at tzi.de
Tue Feb 17 11:52:58 CST 2009


Dave Cridland wrote:
>> Well, with SRP we need to know if we need it. Once we started
>> certificate based TLS, it is too late to switch to SRP when the
>> clients do not recognize the certificates. What XEP-0250 does is
>> exchange some information what certificates the clients will use to
>> detect if SRP is needed or not. That's all.
>
> I was under the impression that you could negotiate with your
> self-signed certificates, and then one or other end could cause a
> renegotiation with SRP, which would be integrity protected with the
> previous magic, thus proving the previous X.509 incantation and
> current SRP spell were cast by the same entity.

I'm not sure how much TLS libraries support renegotiation.

> There's no need for the channel used to run the channel binding
> exchange on to the the same as the channel it's binding, rather
> curiously - the channel used is expected to potentially have a MITM
> present, otherwise there'd be no point in channel binding.
>
> So we can use the existing XMPP C2S/S2S/S2C hops to actually run the
> channel binding on.

Inside Jingle:
http://xmpp.org/extensions/inbox/jingle-xtls.html#sect-id2254227


Dirk

-- 
Beat me, whip me, make me use Windows!


More information about the Security mailing list