On Monday 10 December 2007 8:18 am, Dave Cridland wrote: > On Fri Dec 7 00:36:04 2007, Peter Saint-Andre wrote: > > Any chance that someone will write up the results of that exchange > > into > > more readable text? Perhaps rfc5056bis is already on the way? ;-) > > Maybe http://blog.dave.cridland.net/?p=43 might help. Or maybe it > won't.
Still doesn't help. :) I don't understand this talk about the SASL negotiation being attacked by a MITM when it is taking place over TLS. There is brief mention of Bob possibly not having a certificate or Alice not trusting Bob's CA. Does this mean the channel binding problem only affects anonymous/unauthenticated TLS? -Justin
