Dirk Meyer wrote: > Justin Karneges wrote: >> On Tuesday 10 February 2009 14:52:05 Kurt Zeilenga wrote: >>> While the DIGEST-MD5 provides for a (limited) form of mutual >>> authentication, DIGEST-MD5 offers no assurance to either the client or >>> the party that the end points of the DIGEST-MD5 exchange are the same >>> as the end-points of the TLS exchange. >> You mean if you don't verify the TLS certificate? > > We do, channel bindings is a fallback. If we communicate and have both > self-signed certificates, we can not verify each other.
Well, presumably we can verify each other if we use some other channel to communicate information about the certificates (meeting IRL is best, talking over the phone, encrypted email, etc.). At least then the attacker would need to compromise two different channels. Peter
smime.p7s
Description: S/MIME Cryptographic Signature
