Hi all,

As you may be aware, the channel binding mechanisms used in SCRAM-SHA-1-PLUS have some caveats in how they can be used. In particular, weaknesses in TLS 1.2 around renegotiation and the TLS master secret make them unusable in some implementations without the TLS master secret fix, and they aren't defined at all for TLS 1.3.

To remedy this I have been considering what a new channel binding mechanism that works with TLS 1.3 might look like and have defined one in the following I-D (which has not yet been accepted or reviewed by the IETF; I just uploaded it so that I could send an email to the working group and link to the idea):

https://datatracker.ietf.org/doc/draft-whited-tls-channel-bindings-for-tls13/

It still has some caveats around using it with older versions of TLS, but I think it's an improvement on the state of the art all the same and would love to get your feedback since it's primarily being defined for use in XMPP.

Thanks,
Sam

--
Sam Whited
