On Tue, Aug 05, 2014 at 01:44:19PM -0700, Christian Huitema wrote:
> Absolutely. By the way, having hooks like the unique session-ID of TCP
> Crypt is essential. It allows applications to implement a simple MITM
> detection as part of an end-to-end authentication process. All
> applications may not implement that, but some will. That creates lots
> of uncertainty for any MITM attacker, because they now have a clear
> risk of being detected.

It would be useful if the charter were to mention channel binding. It follows from everything else in the charter that channel binding is not only not precluded but should be possible for any WG products that adhere to the charter.

However, it wouldn't hurt to make channel binding support a requirement. In particular it would make it easier to avoid accidentally designing a "session ID" that is not suitable as a channel binding.

Yes, I did not participate in the charter discussions; the absence of CB in the charter is my fault to some degree. But adding it would be a very minor change with no significant costs to the WG.

Nico
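
The MITM detection and the concern about an unsuitable "session ID" discussed in this message, as an added Python example that is not part of the original email or of any tcpcrypt code. It is a toy model: the key-exchange shares, the pre-shared secret and the function names are constructed, and the session ID derivation is an assumption, not TCP Crypt's own.

```python
import hashlib
import hmac
import os

PSK = b"constructed-shared-secret"  # stand-in for the end-to-end credential

def proof(channel_binding: bytes) -> bytes:
    """Authenticator the client sends: a MAC that covers the channel binding."""
    return hmac.new(PSK, b"client-auth|" + channel_binding, hashlib.sha256).digest()

def server_accepts(client_sid: bytes, server_sid: bytes) -> bool:
    """Server recomputes the MAC over the session ID *it* observed."""
    return hmac.compare_digest(proof(client_sid), proof(server_sid))

def transcript_sid(initiator_share: bytes, responder_share: bytes) -> bytes:
    """Toy session ID: hash of both key-exchange contributions on one leg."""
    return hashlib.sha256(b"sid|" + initiator_share + responder_share).digest()

def scenario(mitm: bool, transcript_bound: bool) -> bool:
    """Return True if the server accepts the client's authentication."""
    c, s, m = os.urandom(32), os.urandom(32), os.urandom(32)  # constructed shares
    if transcript_bound:
        # To read traffic the MITM must substitute its own share on each leg,
        # so the two legs hash different transcripts.
        client_sid = transcript_sid(c, m if mitm else s)
        server_sid = transcript_sid(m if mitm else c, s)
    else:
        # Unsuitable design: the initiator picks the ID and it travels in the
        # clear, so a MITM relays it and both legs see the same value.
        client_sid = server_sid = os.urandom(16)
    return server_accepts(client_sid, server_sid)

if __name__ == "__main__":
    for mitm in (False, True):
        for bound in (True, False):
            print(f"mitm={mitm!s:5} transcript_bound={bound!s:5} "
                  f"accepted={scenario(mitm, bound)}")
```

An accepted result with `mitm=True` is the failure mode: the authentication succeeded although the two endpoints are not on the same channel.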
