On Mon, 10 Dec 2007, Justin Karneges wrote:
>
> I don't understand this talk about the SASL negotiation being attacked by a
> MITM when it is taking place over TLS. There is brief mention of Bob
> possibly not having a certificate or Alice not trusting Bob's CA. Does this
> mean the channel binding problem only affects anonymous/unauthenticated TLS?
From the client's perspective, yes. However, in normal SASL-over-TLS scenarios the client is not authenticated to the server by TLS - after all, that's why you are doing SASL. So the server wants to be sure that it is talking directly to the client that it is authenticating, so it uses channel binding to force the authentication to fail if the client is bogus. The key is that you can't be sure that you have proper *mutual* authentication if the privacy layer isn't bound to the authentication layer.

Tony.
-- 
f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/
FAIR ISLE: NORTHWESTERLY BACKING SOUTHEASTERLY 5 TO 7, PERHAPS GALE 8 LATER.
MODERATE OR ROUGH, OCCASIONALLY VERY ROUGH LATER. SHOWERS THEN RAIN. MODERATE OR GOOD.
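The mechanism Tony describes, shown as an added illustration that is not part of the thread: a cut-down model of SCRAM-SHA-256 with the "-PLUS" (tls-unique) channel binding in the style of RFC 5802 / RFC 7677. No TLS is implemented; each side is simply handed the channel-binding bytes its own TLS session would expose, and the server rebuilds the c= attribute from its own session rather than trusting the client's. When client and server share one TLS session the proof verifies; when the SASL messages are relayed across two different TLS sessions the two sides compute different AuthMessages and the server rejects the proof, which is exactly the "force the authentication to fail" behaviour above. With binding disabled (GS2 header "n,,") the relayed exchange verifies, which is the gap the thread is about. The user name, password, salt and channel-binding byte strings are constructed sample values; the ServerSignature half of SCRAM (server-to-client proof) is omitted for brevity.

```python
"""Model of SASL SCRAM-SHA-256(-PLUS) channel binding. Added example; not
code from the thread. Only the client-proof direction is modelled."""
import base64
import hashlib
import hmac
import os

HASH = "sha256"
ITERATIONS = 4096
SALT = b"constructed-salt"            # constructed sample value
PASSWORD = "constructed-password"     # constructed sample value (alice's)


def H(data: bytes) -> bytes:
    return hashlib.new(HASH, data).digest()


def HMAC(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, HASH).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def b64(data: bytes) -> bytes:
    return base64.b64encode(data)


def gs2_header(use_binding: bool) -> bytes:
    # "p=tls-unique,," = client requires binding; "n,," = client does not use it
    return b"p=tls-unique,," if use_binding else b"n,,"


def cbind_attr(use_binding: bool, tls_cb: bytes) -> bytes:
    # c= base64(gs2-header || channel-binding data); data is empty when unbound
    return b"c=" + b64(gs2_header(use_binding) + (tls_cb if use_binding else b""))


def derive_keys(password: str):
    """Return (ClientKey, StoredKey) as in RFC 5802 section 3."""
    salted = hashlib.pbkdf2_hmac(HASH, password.encode(), SALT, ITERATIONS)
    client_key = HMAC(salted, b"Client Key")
    return client_key, H(client_key)


def auth_message(client_first_bare, server_first, nonce, use_binding, tls_cb):
    # AuthMessage = client-first-bare , server-first , client-final-without-proof
    final_wo_proof = cbind_attr(use_binding, tls_cb) + b",r=" + nonce
    return client_first_bare + b"," + server_first + b"," + final_wo_proof


def client_proof(password, client_first_bare, server_first, nonce, use_binding, tls_cb):
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key, stored_key = derive_keys(password)
    msg = auth_message(client_first_bare, server_first, nonce, use_binding, tls_cb)
    return xor(client_key, HMAC(stored_key, msg))


def server_verify(stored_key, proof, client_first_bare, server_first, nonce,
                  use_binding, tls_cb):
    """Server side: recover ClientKey from the proof using the channel-binding
    data of the server's OWN TLS session, then check H(ClientKey) == StoredKey."""
    msg = auth_message(client_first_bare, server_first, nonce, use_binding, tls_cb)
    recovered_client_key = xor(proof, HMAC(stored_key, msg))
    return hmac.compare_digest(H(recovered_client_key), stored_key)


def run_exchange(use_binding, client_tls_cb, server_tls_cb, client_password=PASSWORD):
    """Run one SCRAM exchange. client_tls_cb / server_tls_cb are the tls-unique
    bytes each side sees on its own TLS session. Returns True if the server
    accepts the client's proof."""
    cnonce, snonce = b64(os.urandom(12)), b64(os.urandom(12))
    nonce = cnonce + snonce
    client_first_bare = b"n=alice,r=" + cnonce
    server_first = b"r=" + nonce + b",s=" + b64(SALT) + b",i=" + str(ITERATIONS).encode()
    proof = client_proof(client_password, client_first_bare, server_first,
                         nonce, use_binding, client_tls_cb)
    _, stored_key = derive_keys(PASSWORD)        # server's stored verifier for alice
    return server_verify(stored_key, proof, client_first_bare, server_first,
                         nonce, use_binding, server_tls_cb)


if __name__ == "__main__":
    same = b"tls-unique-of-the-one-shared-session"          # constructed
    print("direct, bound   :", run_exchange(True, same, same))
    # Two distinct TLS sessions, SASL messages copied between them unchanged
    print("relayed, bound  :", run_exchange(True, b"session-A", b"session-B"))
    print("relayed, unbound:", run_exchange(False, b"session-A", b"session-B"))
```

The decisive detail is that server_verify never reads the client's c= attribute; it recomputes it from its own TLS session, so a proof made over a different session cannot verify even though the password was correct. Turning use_binding off makes both sides' c= identical ("n,,") and the relayed exchange passes, which is why a server that offers a -PLUS mechanism should also reject a downgrade to the unbound variant from clients that advertised binding support.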
