On Mon, 2007-12-10 at 10:20 -0800, Justin Karneges wrote:
> I don't understand this talk about the SASL negotiation being attacked by a
> MITM when it is taking place over TLS. There is brief mention of Bob
> possibly not having a certificate or Alice not trusting Bob's CA. Does this
> mean the channel binding problem only affects anonymous/unauthenticated TLS?
It strengthens your security properties in cases where you trust your SASL authentication mechanism more than you trust the TLS authentication mechanism. If you trust TLS to authenticate the server to the client, then I believe you can do client-to-server authentication without any form of channel binding and you're fine.
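The point above, as an added illustration that is not part of the thread: a simplified SCRAM-SHA-256(-PLUS) exchange modelled on RFC 5802/7677, run once over a direct connection and once through a relaying MITM that terminates the client's TLS session and opens its own to the server. The TLS handshake is not implemented; the `tls-unique` values (`finished-A`, `finished-B`) are constructed byte strings standing in for each session's first Finished message, and the user, password, salt and message-builder names are assumptions of this example.

```python
"""Simplified SCRAM-SHA-256(-PLUS) with tls-unique channel binding (illustration only)."""
import base64
import hashlib
import hmac
import os


def _hi(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _fields(msg):
    # "k=v,k=v" -> dict; base64 values never contain ',' and split("=", 1) keeps padding.
    return dict(kv.split("=", 1) for kv in msg.split(","))


class ScramClient:
    def __init__(self, user, password, tls_unique, use_cb=True):
        self.user, self.password = user, password
        self.tls_unique = tls_unique if use_cb else b""      # nothing to bind without -PLUS
        self.gs2 = "p=tls-unique,," if use_cb else "n,,"      # GS2 header: bind / don't bind
        self.nonce = base64.b64encode(os.urandom(12)).decode()
        self.bare = f"n={user},r={self.nonce}"

    def first(self):
        return self.gs2 + self.bare

    def final(self, server_first):
        f = _fields(server_first)
        if not f["r"].startswith(self.nonce):
            raise ValueError("server nonce does not extend client nonce")
        # c= carries the GS2 header plus the binding data of *this* TLS session.
        cbind = base64.b64encode(self.gs2.encode() + self.tls_unique).decode()
        without_proof = f"c={cbind},r={f['r']}"
        salted = _hi(self.password.encode(), base64.b64decode(f["s"]), int(f["i"]))
        client_key = _hmac(salted, b"Client Key")
        stored_key = hashlib.sha256(client_key).digest()
        auth_msg = f"{self.bare},{server_first},{without_proof}".encode()
        proof = _xor(client_key, _hmac(stored_key, auth_msg))  # covers c=, hence the binding
        return f"{without_proof},p={base64.b64encode(proof).decode()}"


class ScramServer:
    def __init__(self, user, password, tls_unique, iterations=4096):
        self.salt, self.iterations = b"constructed-salt", iterations  # constructed salt
        self.tls_unique = tls_unique                                  # this server's session
        salted = _hi(password.encode(), self.salt, iterations)
        self.stored_key = hashlib.sha256(_hmac(salted, b"Client Key")).digest()

    def first(self, client_first):
        gs2, self.client_bare = client_first.split(",,", 1)
        self.gs2 = gs2 + ",,"
        snonce = base64.b64encode(os.urandom(12)).decode()
        r = _fields(self.client_bare)["r"] + snonce
        salt_b64 = base64.b64encode(self.salt).decode()
        self.server_first = f"r={r},s={salt_b64},i={self.iterations}"
        return self.server_first

    def final(self, client_final):
        f = _fields(client_final)
        # Binding check: the client must have seen the same tls-unique as we did.
        expected = self.gs2.encode() + (self.tls_unique if self.gs2.startswith("p=") else b"")
        if base64.b64decode(f["c"]) != expected:
            return False, "channel binding mismatch"
        without_proof = client_final.rsplit(",p=", 1)[0]
        auth_msg = f"{self.client_bare},{self.server_first},{without_proof}".encode()
        client_key = _xor(base64.b64decode(f["p"]), _hmac(self.stored_key, auth_msg))
        if not hmac.compare_digest(hashlib.sha256(client_key).digest(), self.stored_key):
            return False, "proof invalid"
        return True, "ok"


def run(client_tls, server_tls, use_cb=True, forge_cb=False):
    """One exchange. A MITM is modelled by giving the two endpoints different
    tls-unique values (two TLS sessions) and optionally rewriting c= in transit."""
    client = ScramClient("alice", "s3cret", client_tls, use_cb)
    server = ScramServer("alice", "s3cret", server_tls)
    server_first = server.first(client.first())
    client_final = client.final(server_first)
    if forge_cb:
        # MITM substitutes the binding of its own session with the server.
        forged = base64.b64encode(b"p=tls-unique,," + server_tls).decode()
        client_final = f"c={forged}," + client_final.split(",", 1)[1]
    return server.final(client_final)


A, B = b"finished-A", b"finished-B"   # constructed stand-ins for tls-unique


def direct():          return run(A, A)                   # one TLS session end to end
def relay_no_cb():     return run(A, B, use_cb=False)     # MITM, plain SCRAM: server accepts
def relay_cb():        return run(A, B)                   # MITM, -PLUS: binding mismatch
def relay_forged_cb(): return run(A, B, forge_cb=True)    # MITM rewrites c=: proof fails
```

Without channel binding the relayed login is accepted, which is the case the reply is about: if the client did not actually authenticate the server over TLS (no certificate, untrusted CA), the SASL proof alone says nothing about who terminates the TLS session. With `-PLUS`, the MITM either leaves `c=` alone and fails the binding check, or rewrites it and invalidates the proof, because the proof is computed over `c=`.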
