[Standards] Channel Binding with TLS 1.3

Daniel Gultsch daniel at gultsch.de
Wed May 6 15:32:53 UTC 2020


Am Fr., 1. Mai 2020 um 16:28 Uhr schrieb Sam Whited <sam at samwhited.com>:

> As you may be aware, the channel binding mechanisms used in SCRAM-SHA-1-
> PLUS have some caveats in how they can be used. In particular,
> weaknesses in TLS 1.2 around renegotiation and the TLS master secret
> make them unusable in  some implementations without the TLS master
> secret fix, and they aren't defined at all for TLS 1.3.
> To remedy this I have been considering what a new channel binding
> mechanism that works with TLS 1.3 might look like and have defined one
> in the following I-D (which has not yet been accepted or reviewed by the
> IETF, I just uploaded it so that I could send an email to the working
> group and link to the idea):
> https://datatracker.ietf.org/doc/draft-whited-tls-channel-bindings-for-tls13/

I don’t have a lot of feedback aside from yes, I want channel binding.
Unfortunately I don’t know enough about TLS and SCRAM to contribute
anything useful.

As I understand it the TLS implementation needs to support rfc5705 for
this to work. Do you happen to know if this is the case for some of
the more popular libraries?


More information about the Standards mailing list