[Security] channel bindings

Peter Saint-Andre stpeter at stpeter.im
Wed Feb 18 12:58:39 CST 2009


Dirk Meyer wrote:
> Justin Karneges wrote:
>> On Tuesday 10 February 2009 14:52:05 Kurt Zeilenga wrote:
>>> While the DIGEST-MD5 provides for a (limited) form of mutual
>>> authentication, DIGEST-MD5 offers no assurance to either the client or
>>> the party that the end points of the DIGEST-MD5 exchange are the same
>>> as the end-points of the TLS exchange.
>> You mean if you don't verify the TLS certificate?
> 
> We do, channel bindings is a fallback. If we communicate and have both
> self-signed certificates, we can not verify each other. 

Well, presumably we can verify each other if we use some other channel
to communicate information about the certificates (meeting IRL is best,
talking over the phone, encrypted email, etc.). At least then the
attacker would need to compromise two different channels.

Peter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6751 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20090218/3f8a14cf/attachment.bin 


More information about the Security mailing list