OK, I have another question relating to possibly using RFC 3961 checksums. Currently the GSS channel binding token from the client is marked critical, i.e. the acceptor expects it to be there (regardless of whether it has channel bindings or not). This is because the acceptor's behaviour is GSS_Unwrap() and compare, to keep its sequence number in sync with the initiator.
If we switch to a MIC, can we just omit the channel binding token in the case the client has no channel bindings? The exchange that contains the channel binding token is itself protected by a MIC, so an attacker cannot remove it. The acceptor would need to raise an error if no binding token was provided and the caller of GSS_Accept_sec_context() indicated bindings. -- Luke On 06/10/2011, at 11:33 AM, Nico Williams wrote: > On Wed, Oct 5, 2011 at 7:11 PM, Luke Howard <[email protected]> wrote: >> If they are on the wire... > > Oh, heh, sure. Excuse my silliness. -- Luke Howard / [email protected] www.padl.com / www.lukehoward.com _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
