Jonathan Hoyland <jonathan.hoyl...@gmail.com> writes:

> When someone tries to copy a message from a SCRAM handshake into some
> GSS-API run on a single TLS connection I want to be sure that it will be
> rejected, without having to understand exactly how every version of SCRAM
> and GSS-API ever (including ones that will be drafted in the future) works
> (not to mention every other protocol past, present, and future that uses
> the same string.)

If I understand you correctly, this behaviour was a design choice of SCRAM (and indirectly GS2) -- it was designed so that SCRAM native in SASL would produce the same tokens as SCRAM used via GSS-API, for the same TLS session. Whether that was a wise decision remains to be seen, but I don't think it will come as a surprise for anyone, nor is there any publicly documented attack based on this property that I am aware of.

/Simon
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls