[Security] channel bindings
dmeyer at tzi.de
Tue Feb 17 11:54:44 CST 2009
Eric Rescorla wrote:
> I don't have time to write a full note here, but I wanted to observe that
> the corresponding TLS mechanism to SCRAM is really TLS-PSK,
> which *is* in OpenSSL. SRP differs from SCRAM and PSK in that
> an attacker can't dictionary search the password offline, whereas
> in SCRAM/PSK he can.
I would like to hear your thoughts on
I agree with you, for me TLS-SRP looks like a better method than channel
bindings with SCRAM. Do you know of any post 2002 development of the SRP
Smash forehead on keyboard to continue.....
More information about the Security