[Standards] Channel binding and token authentication

Matthew Wild mwild1 at gmail.com
Tue Sep 27 08:58:46 UTC 2022


On Tue, 27 Sep 2022, 09:46 Dave Cridland, <dave at cridland.net> wrote:

>  Before committing to this, some observations:
>
> - HT-*-NONE is needed for cases where there's no TLS at all. These are
> rare, but there are legitimate cases where this is a sensible choice.
> - Channel bindings can be used in cases where TLS is terminated in advance
> by either:
>   - Using TLS Endpoint channel bindings, which merely mean the XMPP server
> needs to know the certificate which is to be used, or
>   - Just going through the motions and blindly accepting the client's
> channel binding choice, perhaps most sensibly by again using
> tls-server-end-point
>
> So I'm not *against* a HT-*-NONE, but I wonder if we should promote the
> second bullet-point above the first?
>

What would you propose exactly? That web clients just send some junk data
and servers just accept it?

I think any mode that blindly accepts in this way is worse than explicitly
not using channel binding. With the planned token authentication protocols,
a token is bound to a specific mechanism. That means if it is obtained with
support for channel binding, it can only be used for authentication with
that channel binding. If the server isn't always verifying the channel
binding data, this undermines the security of this mechanism.

Unless I'm misunderstanding your proposal.

Regards,
Matthew
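As an added illustration (not from this thread, and not code from any XMPP server or from the HT specification), a small Python model of the server-side check the message above argues for: the stored token records the one mechanism it was issued for, the proof is an HMAC over the channel-binding data, and the server compares against the binding it derived from its own TLS session rather than whatever the client claims. The "Initiator" || cb-data HMAC shape is a simplified model of the HT mechanism family, not an exact wire encoding; all names and the certificate hashes are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class IssuedToken:
    """Token as the server stores it: the secret plus the single mechanism
    (and so the single channel-binding type) it was issued for."""
    secret: bytes
    mechanism: str  # e.g. "HT-SHA-256-ENDP" or "HT-SHA-256-NONE"

def issue_token(mechanism: str) -> IssuedToken:
    return IssuedToken(secrets.token_bytes(32), mechanism)

def initiator_proof(secret: bytes, cb_data: bytes) -> bytes:
    # Simplified HT-style proof: HMAC(token, "Initiator" || channel-binding data).
    # Assumption: this models the HT family's shape, not an exact wire encoding.
    return hmac.new(secret, b"Initiator" + cb_data, hashlib.sha256).digest()

def server_verify(token: IssuedToken, mechanism: str, proof: bytes,
                  claimed_cb: bytes, actual_cb: bytes, strict: bool = True) -> bool:
    """Accept only if the proof is valid for this token on the binding the
    server derived from its own TLS session (actual_cb). strict=False models
    "going through the motions and blindly accepting the client's channel
    binding choice": the server verifies against claimed_cb instead."""
    if mechanism != token.mechanism:
        return False  # a token is usable with exactly one mechanism
    binding = actual_cb if strict else claimed_cb
    return hmac.compare_digest(proof, initiator_proof(token.secret, binding))

def demo() -> tuple:
    """Four checks against a token issued for HT-SHA-256-ENDP; returns
    (strict_same_channel, strict_other_channel, lax_other_channel, wrong_mech)."""
    tok = issue_token("HT-SHA-256-ENDP")
    # Constructed stand-ins for tls-server-end-point data (certificate hashes).
    real_cb = hashlib.sha256(b"constructed: the server's own certificate").digest()
    other_cb = hashlib.sha256(b"constructed: a different certificate").digest()
    same_channel = initiator_proof(tok.secret, real_cb)
    other_channel = initiator_proof(tok.secret, other_cb)  # binding != server's
    return (
        server_verify(tok, "HT-SHA-256-ENDP", same_channel, real_cb, real_cb),
        server_verify(tok, "HT-SHA-256-ENDP", other_channel, other_cb, real_cb),
        server_verify(tok, "HT-SHA-256-ENDP", other_channel, other_cb, real_cb, strict=False),
        server_verify(tok, "HT-SHA-256-NONE", same_channel, b"", b""),  # ENDP token, NONE mech
    )
```

demo() returns (True, False, True, False): the strict server rejects a proof made over a binding that is not its own and rejects an ENDP token offered under the NONE mechanism, while the lax server accepts the mismatched proof, which is the point that blindly accepting the client's binding gives no more assurance than not binding at all.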