Another use case of tls-server-end-point is for cases where you are unable to support tls-exporter, ie. in some languages TLS/SSL stack doesn’t expose data required for tls-exporter. In those cases it is better to have tls-server-end-point for channel binding instead of not having anything available.
> Wiadomość napisana przez Holger Weiß <[email protected]> w dniu > 11.01.2024, o godz. 13:39: > > * Simon Josefsson <[email protected]> [2024-01-11 13:10]: >> I believe tls-server-end-point is generally best left unimplemented to >> guide efforts towards supporting the stronger tls-exporter. > > One use case I see for tls-server-end-point is that it allows for supporting > channel binding by setups where TLS is terminated by some reverse proxy, > thereby protecting against _some_ but not all attack vectors that > tls-exporter protects against. > > Holger > _______________________________________________ > Standards mailing list -- [email protected] > To unsubscribe send an email to [email protected] Regards, Andrzej Wójcik XMPP: [email protected] Email: [email protected]
_______________________________________________ Standards mailing list -- [email protected] To unsubscribe send an email to [email protected]
