Thilo Molitor <[email protected]> writes:

> Hi Daniel.
>
>> To put what you wrote into actionable terms for the client developer:
>> "If a client sees that the server has 0440 support it MUST set
>> the 'y' flag regardless of the concrete binding mechanisms announced
>> by the server"
>>
>> Is this a correct summary of what you wrote?
> No, no. Let's try to explain it from the client developer perspective.
> As a client developer, do the following:
>
> 0) Servers MUST implement tls-server-end-point and enable/advertise it.
> Clients SHOULD implement tls-server-end-point and use it if no other
> (stronger) channel-binding method is supported by both sides.

I think that would be horrible advice these days -- the
tls-server-end-point gives a false sense of security and has been known
to be sub-optimal for years. It would be similar to urging that people MUST
implement 3DES or RC4 for TLS. There is no fatal attack for those
either, but the collective wisdom is "don't use them".

I suggest mandating tls-exporter from RFC 9266. I believe any
deployment not being able to support this is better off not supporting
channel bindings at all, because doing so just adds complexity and
attack surface and end-user confusion ("oh nice I have a channel
binding!") for little gain.

/Simon
