> But that leaves clients not able to implement this type, or any > channel-binding at all, vulnerable to downgrades of channel-binding types and > SASL mechanisms.
This specification protects clients that are not able to support channel binding from being tricked into thinking the server doesn’t support channel binding either? That doesn’t make sense. No matter if an attacker strips the channel binding announcement the client still won’t support channel binding. cheers Daniel _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
