On 02/10/2009 11:52 PM, Kurt Zeilenga wrote:

Hi,

> Here is a really brief explanation of what channel bindings are
> about.

Thank you Kurt for this correction of my wrong assumptions. I am still trying to understand what it really does, so I will keep asking dumb questions and will keep making comments that need correction. I hope you (and the others) don't mind.

> The IETF is developing mechanisms such as SASL/SCRAM that provide
> channel binding support. When used, the client can confirm that the
> SCRAM end-point and the TLS end-point it's talking to are in fact the
> same end-point. Likewise, the server can confirm the SCRAM and TLS
> end-points it's talking to are in fact the same.

Can somebody please be a bit more specific on what avenues of attack are closed by knowing that the SCRAM and the TLS end-points are the same. My common sense says that at best you might know they are both connected to the same MITM.

Or to state my question in another way: what openings does channel binding provide for XMPP? Does it enable server authentication without server certificates? Does it enable us to do e2e security without the hassle of certificates or exchanging secrets? Or does it enable e2e security when only one of the endpoints has a certificate?

Thanks for helping me in understanding this thing,

Winfried

-- 
http://www.tilanus.com
xmpp:[email protected]
tel. 015-3613996 / 06-23303960
fax. 015-3614406
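As an added illustration of the point Kurt makes (this is example code written for this page, not code from the thread or from any XMPP project), the SCRAM-SHA-256-PLUS exchange below mixes each side's own `tls-unique` value into the AuthMessage that the client proof and the server signature are computed over. The nonces, salt and the two tls-unique byte strings are constructed sample values; a relaying MITM terminates two separate TLS sessions, so the client and server read different tls-unique values and both verifications fail.

```python
import base64
import hashlib
import hmac

GS2_HEADER = b"p=tls-unique,,"  # client asks for channel binding (SCRAM-*-PLUS)


def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def auth_message(cnonce, snonce, salt, iters, cbind):
    """AuthMessage as RFC 5802 builds it; the c= attribute carries the gs2
    header plus the raw tls-unique value of the TLS session the caller sees."""
    client_first_bare = b"n=user,r=" + cnonce
    server_first = (b"r=" + cnonce + snonce + b",s=" + base64.b64encode(salt)
                    + b",i=" + str(iters).encode())
    client_final_bare = (b"c=" + base64.b64encode(GS2_HEADER + cbind)
                         + b",r=" + cnonce + snonce)
    return client_first_bare + b"," + server_first + b"," + client_final_bare


def scram_plus(password, client_cb, server_cb, cnonce=b"c0", snonce=b"s0",
               salt=b"salt", iters=4096):
    """Returns (server_accepts_client, client_accepts_server).
    client_cb / server_cb are the tls-unique values each side reads from
    its OWN TLS session (constructed sample values in the test below)."""
    salted = hashlib.pbkdf2_hmac("sha256", password, salt, iters)
    client_key = _hmac(salted, b"Client Key")
    stored_key = hashlib.sha256(client_key).digest()  # what a server stores
    server_key = _hmac(salted, b"Server Key")         # what a server stores
    # Client side: proof over the AuthMessage bound to the client's TLS session
    am_client = auth_message(cnonce, snonce, salt, iters, client_cb)
    proof = _xor(client_key, _hmac(stored_key, am_client))
    # Server side: rebuilds AuthMessage from the binding of its own session;
    # recovering ClientKey from the proof only works if both bindings match
    am_server = auth_message(cnonce, snonce, salt, iters, server_cb)
    recovered = _xor(proof, _hmac(stored_key, am_server))
    server_ok = hmac.compare_digest(hashlib.sha256(recovered).digest(), stored_key)
    # Server signature lets the client check the server saw the same binding
    server_sig = _hmac(server_key, am_server)
    client_ok = hmac.compare_digest(server_sig, _hmac(server_key, am_client))
    return server_ok, client_ok
```

A real server additionally compares the decoded c= attribute byte for byte with its own expected value before doing any crypto, and never sends a server signature once the proof check fails.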
