[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Poll: use of TLS channel bindings in SCRAM
On Mon, Jun 08, 2009 at 10:21:31AM -0400, Sam Hartman wrote:
> Kurt> After some additional thought and consideration, I change my
> Kurt> preference to:
>
> Kurt> 4a (just change the text to require tls-unique)
>
> As I indicate, I believe support for channel binding types other than
> tls-unique is an absolute requirement. While I prefer for us to have
> downgrade protection, I don't see that as an absolute requirement.
> So, I think we at least need a mechanism to say what channel binding
> type we've used if it is not tls-unique. That's not downgrade
> protection; it is consistency with 5056.
Technically we don't even need that much, but I'd very much like to have
at least that much.
I too think that future downgrade protection is not critical right now.
In fact, I can think of ways to do all three (or is it four?) proposed
future CB type nego schemes without adding downgrade protection now
(it's just that to me the security analysis seemed easier with explicit
downgrade protection).
Nico
--