On Wed, 19 Oct 2022 at 16:02, Thilo Molitor <[email protected]> wrote:
> Am Mittwoch, 19. Oktober 2022, 16:32:55 CEST schrieb Dave Cridland: > > Small point: GS2 doesn't ever allow clients to know if channel binding is > > proven, since the channel binding data is passed in the clear to the > > server. It does prove the server saw the channel binding data as sent by > > the client, but not whether the server can see the same channel. > > Surely the GS2 implementing server would abort authentication if the > channel- > binding data did not match it's own channel. right? That would be a sensible and conformant implementation, yes. But what I was meaning is that the client cannot prove that the server has done so. It's mostly an irrelevance, really - but when we're discussing what can and cannot be proven at either end, I think it's important to be accurate. Dave.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
