[Standards] NEW: XEP-0440 (SASL Channel-Binding Type Capability)
Ruslan N. Marchenko
me at ruff.mobi
Thu Jul 16 11:08:40 UTC 2020
On Thursday, 16.07.2020 at 10:33 +0000, Daniel Gultsch wrote:
> On Thu, 16 July 2020 at 10:13, Florian Schmaus <flo at geekplace.eu> wrote:
> > If you send 'y', which implies that you, the client, did not select a
> > -PLUS mechanism for authentication, while the server announces at least
> > one SCRAM-*-PLUS mechanism, then the server may suspect a MitM attack
> > and terminates the connection.
> Yes. But that's the desired behaviour, no?
Desired by MitM, yes :)
I'd rather suggest if no matching methods are found just ignore the
hint and do tls-unique (as you would do in absence of this method) or
any other method you support instead in local preference order (e.g.
tls-exporter, then tls-server-end-point, etc.).
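
The selection rule suggested in this message, sketched as an added example that is not part of the original post or of XEP-0440. The function name, the preference tuples and the sample inputs are assumptions; the `p=`, `y` and `n` flags are the gs2-cbind-flag values from RFC 5802.

```python
from typing import Optional, Sequence, Tuple

# Assumed local preference order, following the order named in the message.
LOCAL_CB_PREFS = ("tls-unique", "tls-exporter", "tls-server-end-point")
# Assumed client mechanism preference, strongest first.
LOCAL_MECH_PREFS = ("SCRAM-SHA-256", "SCRAM-SHA-1")


def choose_binding(
    server_mechs: Sequence[str],
    server_cb_types: Optional[Sequence[str]],
    local_cb: Sequence[str] = LOCAL_CB_PREFS,
    local_mechs: Sequence[str] = LOCAL_MECH_PREFS,
) -> Tuple[str, str]:
    """Return (mechanism, gs2-cbind-flag) for the SCRAM client-first message.

    server_cb_types is the XEP-0440 hint, or None when the server sent none.
    """
    offered = set(server_mechs)
    plus = next((m + "-PLUS" for m in local_mechs if m + "-PLUS" in offered), None)
    plain = next((m for m in local_mechs if m in offered), None)

    if plus and local_cb:
        advertised = set(server_cb_types or ())
        # Prefer the first locally supported type the server also lists.
        cb = next((t for t in local_cb if t in advertised), None)
        if cb is None:
            # No overlap, or no hint at all: ignore the hint and fall back to
            # local preference order instead of dropping to 'y'.
            cb = local_cb[0]
        return plus, "p=" + cb

    if plain is None:
        raise ValueError("no common SCRAM mechanism")
    # 'y' is only sent when the server offers no -PLUS mechanism at all;
    # 'n' when the client cannot bind or cannot use any offered -PLUS hash.
    server_has_plus = any(m.endswith("-PLUS") for m in offered)
    return plain, "y" if local_cb and not server_has_plus else "n"


if __name__ == "__main__":
    # Constructed sample: the server's hint has no type the client knows.
    print(choose_binding(["SCRAM-SHA-1-PLUS", "SCRAM-SHA-1"], ["tls-foo"]))
```
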