>>>>> "Jim" == Jim Schaad <i...@augustcellars.com> writes:

    >> There doesn't seem to be a way for a server to request channel
    >> binding. If that's true we should probably add the following:
    >> Since a server cannot indicate a desire for channel binding,
    >> clients that have channel binding data to send SHOULD include
    >> channel-binding TLV in a request-action TLV if mutual
    >> authentication (section 3.11) succeeded.

    Jim> If this is true - then I agree it is a flaw.

    Jim> I think that one could send a channel-binding TLV with no data
    Jim> to request that a client send channel binding data back. This
    Jim> should not cause any significant problems.

If that's permitted then it should be explicitly documented. I think that if this is permitted, everyone who implements channel binding needs to be required to support this.

    Jim> One could then have
    Jim> Channel-binding server->peer - no data
    Jim> Channel-binding peer->server - here is my data
    Jim> Channel-binding server->peer - here is my data

Again, let's document this if it is permitted. It's clear the spec is unclear if you and I read it differently.

    Jim> However I believe that the client can initiate this by just
    Jim> sending the channel binding TLV in the clear and not in a
    Jim> request if the client wants to initiate it.

My reading is that you cannot send a channel binding outside of a request. This needs clarification as well if we're reading it differently.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
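The three-step sequence sketched in the thread (server sends a Channel-Binding TLV with no data as a request, the peer answers with its data, the server then sends its own), with the "only after mutual authentication succeeded" gate from the proposed text, as an added simulation that is not part of this message or of the draft under discussion. The TLV layout (2-byte type, 2-byte length, value), the type codes, the sample binding strings and the class and function names are all constructed for the illustration; nothing here is taken from the draft. The peer can send its reply either bare or wrapped in a Request-Action TLV, covering both readings in the thread.

```python
import struct

# Illustrative type codes and layout (assumption: 2-byte type, 2-byte length,
# then value). Placeholders for the example, not values from the draft.
TLV_CHANNEL_BINDING = 6
TLV_REQUEST_ACTION = 8


def encode_tlv(tlv_type, value=b""):
    """Encode one TLV; an empty value yields a TLV carrying no data."""
    return struct.pack("!HH", tlv_type, len(value)) + value


def decode_tlvs(buf):
    """Parse a sequence of TLVs, rejecting truncated headers or values."""
    tlvs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if len(buf) - off < length:
            raise ValueError("truncated TLV value")
        tlvs.append((tlv_type, buf[off:off + length]))
        off += length
    return tlvs


def find_channel_binding(tlvs):
    """Return the Channel-Binding value, whether it sits at top level or is
    nested inside a Request-Action TLV; None when no such TLV is present."""
    for tlv_type, value in tlvs:
        if tlv_type == TLV_CHANNEL_BINDING:
            return value
        if tlv_type == TLV_REQUEST_ACTION:
            nested = find_channel_binding(decode_tlvs(value))
            if nested is not None:
                return nested
    return None


class Peer:
    """Client side: discloses channel-binding data only once mutual
    authentication has succeeded, as the proposed text requires."""

    def __init__(self, cb_data, mutual_auth_ok, wrap_in_request_action):
        self.cb_data = cb_data
        self.mutual_auth_ok = mutual_auth_ok
        self.wrap = wrap_in_request_action
        self.server_cb = None

    def handle(self, msg):
        cb = find_channel_binding(decode_tlvs(msg))
        if cb is None:
            return b""
        if cb:  # non-empty: this is the server's own binding data
            self.server_cb = cb
            return b""
        # Empty Channel-Binding TLV = "please send me yours" (Jim's convention).
        if not self.mutual_auth_ok:
            return b""  # withhold binding data before mutual auth completes
        reply = encode_tlv(TLV_CHANNEL_BINDING, self.cb_data)
        if self.wrap:
            reply = encode_tlv(TLV_REQUEST_ACTION, reply)
        return reply


class Server:
    def __init__(self, cb_data):
        self.cb_data = cb_data
        self.peer_cb = None

    def request_channel_binding(self):
        return encode_tlv(TLV_CHANNEL_BINDING)  # no data = request

    def handle(self, msg):
        cb = find_channel_binding(decode_tlvs(msg))
        if not cb:
            return b""
        self.peer_cb = cb
        return encode_tlv(TLV_CHANNEL_BINDING, self.cb_data)


def run_exchange(mutual_auth_ok=True, wrap_in_request_action=False):
    """Drive the three-step sequence; returns what each side learned."""
    server = Server(b"server-binding")  # constructed sample data
    peer = Peer(b"peer-binding", mutual_auth_ok, wrap_in_request_action)
    m1 = server.request_channel_binding()  # server -> peer: no data
    m2 = peer.handle(m1)                   # peer -> server: peer's data
    m3 = server.handle(m2)                 # server -> peer: server's data
    peer.handle(m3)
    return server.peer_cb, peer.server_cb
```

With `mutual_auth_ok=False` the peer answers the empty request with nothing, so neither side ends up with the other's binding data; that is the behaviour the SHOULD in the proposed text is trying to pin down, and the ambiguity about bare versus Request-Action-wrapped Channel-Binding TLVs is exactly the `wrap_in_request_action` switch.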