On Wed, 19 Oct 2022 at 14:59, Thilo Molitor <[email protected]> wrote:
> That's a wekness of SCRAM itself. Channel-binding problems will be > detected > after the client-final-message as well. > Small point: GS2 doesn't ever allow clients to know if channel binding is proven, since the channel binding data is passed in the clear to the server. It does prove the server saw the channel binding data as sent by the client, but not whether the server can see the same channel. Dave.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
