[Security] channel bindings

Dirk Meyer dmeyer at tzi.de
Wed Feb 18 14:10:22 CST 2009

Peter Saint-Andre wrote:
> Dirk Meyer wrote:
>> Justin Karneges wrote:
>>> On Tuesday 10 February 2009 14:52:05 Kurt Zeilenga wrote:
>>>> While the DIGEST-MD5 provides for a (limited) form of mutual
>>>> authentication, DIGEST-MD5 offers no assurance to either the client or
>>>> the party that the end points of the DIGEST-MD5 exchange are the same
>>>> as the end-points of the TLS exchange.
>>> You mean if you don't verify the TLS certificate?
>> We do, channel bindings is a fallback. If we communicate and have both
>> self-signed certificates, we can not verify each other. 
> Well, presumably we can verify each other if we use some other channel
> to communicate information about the certificates (meeting IRL is best,
> talking over the phone, encrypted email, etc.). At least then the
> attacker would need to compromise two different channels.

I think even when using the phone, we would agree on a password. It is
not very userfriendly to compare X.509 fingerprints.


A computer without Windows is like a chocolate cake without mustard.

More information about the Security mailing list