On Tue, 13 Dec 2022 at 18:04, Jonas Schäfer <[email protected]> wrote:
> Version 0.1.0 of XEP-0474 (SASL SCRAM Downgrade Protection) has been
> released.
>

I had a long discussion off-list with Thilo on this, and I broadly think it has very little utility - at best, you can tell if you've been downgraded *to* a SCRAM-family mechanism, but one that is still considered secure (since otherwise the attacker could trivially forge the ssdp SCRAM attribute).

So this surely only detects a downgrade when the downgrade hasn't been successful. No?

Out of curiosity, if we were to say that the mechanisms and TLS channel bindings stream features were repeated after the authentication (perhaps as actual stream features, but more sensibly somewhere else - <success/> and <continue/> possibly?) would this satisfy the requirements better? Differently? Not at all?

And if this isn't making things better, are we better off talking about clients latching on preferred mechanisms?
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________
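The downgrade-detection argument in the message above, as an added illustration that is not part of the thread and is not XEP-0474's or any XMPP library's code: a toy SCRAM-SHA-256 exchange (RFC 5802 key derivation and proof) in which the client folds the mechanism list it received into a SCRAM extension attribute. The attribute name d=, its encoding (base64 SHA-256 of the sorted, comma-joined list), the credentials, the mechanism lists, the absence of real channel binding (the -PLUS variant is only a label here) and the omission of channel-binding types from the hash are all assumptions of this demo, not the XEP's wire format. It shows the three cases the message distinguishes: stripping a stronger SCRAM variant is caught because the attribute sits inside client-first-bare and is therefore covered by the client proof; an attacker who rewrites the attribute in transit breaks that proof; stripping SCRAM altogether so the client falls back to PLAIN leaves no attribute to compare, so the successful downgrade goes unnoticed.

```python
# Added example (not from the thread or from XEP-0474): toy SCRAM-SHA-256 with a
# downgrade-protection attribute. The "d=" name, its encoding, the credentials and the
# mechanism lists are assumptions for this demo only.
import base64
import hashlib
import hmac
import os

USER, PASSWORD = "alice", "correct horse"                   # constructed credentials
OFFERED = ["SCRAM-SHA-256-PLUS", "SCRAM-SHA-256", "PLAIN"]  # what the real server offers
PREFERENCE = ["SCRAM-SHA-256-PLUS", "SCRAM-SHA-256", "PLAIN"]  # client's preference order


def _h(data):
    return hashlib.sha256(data).digest()


def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _b64(raw):
    return base64.b64encode(raw).decode()


def _attrs(msg):
    # SCRAM messages are comma-separated "x=value" pairs; values may themselves contain "=".
    return dict(part.split("=", 1) for part in msg.split(","))


def ssdp_attr(mechanisms):
    """Assumed encoding: hash of the mechanism list exactly as the client received it."""
    return _b64(_h(",".join(sorted(mechanisms)).encode()))


class Server:
    def __init__(self, offered, password, iterations=4096):
        self.offered = list(offered)
        self.salt = os.urandom(16)
        self.iterations = iterations
        salted = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, iterations)
        # As in RFC 5802 the server stores only StoredKey and ServerKey.
        self.stored_key = _h(_hmac(salted, b"Client Key"))
        self.server_key = _hmac(salted, b"Server Key")

    def server_first(self, client_first_bare):
        self.client_first_bare = client_first_bare
        nonce = _attrs(client_first_bare)["r"] + _b64(os.urandom(18))
        self.sfm = "r=%s,s=%s,i=%d" % (nonce, _b64(self.salt), self.iterations)
        return self.sfm

    def verify(self, client_final):
        """Return "ok", "bad-proof" or "downgrade-detected"."""
        without_proof, proof = client_final.rsplit(",p=", 1)
        # AuthMessage includes client-first-bare, so d= is covered by the client proof.
        auth_message = ",".join([self.client_first_bare, self.sfm, without_proof]).encode()
        client_sig = _hmac(self.stored_key, auth_message)
        client_key = _xor(base64.b64decode(proof), client_sig)
        if not hmac.compare_digest(_h(client_key), self.stored_key):
            return "bad-proof"
        if _attrs(self.client_first_bare).get("d") != ssdp_attr(self.offered):
            return "downgrade-detected"
        return "ok"


def scram_client(server, seen_mechanisms, on_wire=None):
    """Client side. seen_mechanisms is the list as received (maybe altered by a MITM);
    on_wire lets the demo MITM rewrite client-first-bare in transit."""
    cnonce = _b64(os.urandom(18))
    client_first_bare = "n=%s,r=%s,d=%s" % (USER, cnonce, ssdp_attr(seen_mechanisms))
    sfm = server.server_first(on_wire(client_first_bare) if on_wire else client_first_bare)
    attrs = _attrs(sfm)
    assert attrs["r"].startswith(cnonce), "server nonce must extend the client nonce"
    salted = hashlib.pbkdf2_hmac("sha256", PASSWORD.encode(),
                                 base64.b64decode(attrs["s"]), int(attrs["i"]))
    client_key = _hmac(salted, b"Client Key")
    without_proof = "c=%s,r=%s" % (_b64(b"n,,"), attrs["r"])  # no channel binding simulated
    auth_message = ",".join([client_first_bare, sfm, without_proof]).encode()
    proof = _xor(client_key, _hmac(_h(client_key), auth_message))
    return server.verify("%s,p=%s" % (without_proof, _b64(proof)))


def authenticate(seen_mechanisms, on_wire=None):
    """Pick the best mechanism the client saw and run it against a fresh server."""
    server = Server(OFFERED, PASSWORD)
    mech = next(m for m in PREFERENCE if m in seen_mechanisms)
    if mech.startswith("SCRAM"):
        return mech, scram_client(server, seen_mechanisms, on_wire)
    # PLAIN carries no SCRAM attributes, so the altered list is never compared with anything.
    return mech, "undetected"


def honest():
    return authenticate(OFFERED)


def mitm_strips_plus():
    # Attacker drops the -PLUS variant; the client still runs SCRAM, so d= exposes the edit.
    return authenticate([m for m in OFFERED if m != "SCRAM-SHA-256-PLUS"])


def mitm_forges_attr():
    # Attacker also rewrites d= to match the real list; the proof then fails, since it covers d=.
    def fix_attr(msg):
        return msg.rsplit(",d=", 1)[0] + ",d=" + ssdp_attr(OFFERED)
    return authenticate([m for m in OFFERED if m != "SCRAM-SHA-256-PLUS"], on_wire=fix_attr)


def mitm_strips_scram():
    # Attacker removes every SCRAM mechanism: the client falls back to PLAIN and nothing is checked.
    return authenticate(["PLAIN"])


if __name__ == "__main__":
    for scenario in (honest, mitm_strips_plus, mitm_forges_attr, mitm_strips_scram):
        print("%-18s -> %s" % (scenario.__name__, scenario()))
```

The last scenario is the one the message is about: the only downgrade the attribute cannot see is the one that took the client out of SCRAM entirely, which is exactly the downgrade an attacker wants.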
