Peter Saint-Andre wrote: > Dirk Meyer wrote: >> Justin Karneges wrote: >>> On Tuesday 10 February 2009 14:52:05 Kurt Zeilenga wrote: >>>> While the DIGEST-MD5 provides for a (limited) form of mutual >>>> authentication, DIGEST-MD5 offers no assurance to either the client or >>>> the party that the end points of the DIGEST-MD5 exchange are the same >>>> as the end-points of the TLS exchange. >>> You mean if you don't verify the TLS certificate? >> >> We do, channel bindings is a fallback. If we communicate and have both >> self-signed certificates, we can not verify each other. > > Well, presumably we can verify each other if we use some other channel > to communicate information about the certificates (meeting IRL is best, > talking over the phone, encrypted email, etc.). At least then the > attacker would need to compromise two different channels.
I think even when using the phone, we would agree on a password. It is not very userfriendly to compare X.509 fingerprints. Dirk -- A computer without Windows is like a chocolate cake without mustard.
