Re: [TLS] last call comments (Last Call: draft-altman-tls-channel-bindings (Channel Bindings for TLS) to Proposed Standard)
On Wed, Nov 04, 2009 at 08:26:30PM +0100, Simon Josefsson wrote:
> Nicolas Williams <Nicolas.Williams at sun.com> writes:
> > [...]
>
> With that definition, one couldn't use tls-unique channel binding to
> bind to the authentication credentials associated with a TLS channel
^^^^^^^^^^^^^^^^^^^^^^^^^^
> uniquely -- a TLS re-negotiation doesn't change the channel binding
> data, but it may change the authentication credentials.
The point of channel binding is NOT to bind the authentication
credentials of the channel's end-points. In fact, the point of channel
binding is to allow authentication to happen at a layer above the
channel, so that the authentication, or lack thereof in that channel,
becomes irrelevant.
Please see RFC5056.
> I believe that problem needs to be explained in the security
> consideration -- it would be easy to think that channel binding data can
> be used to get a cryptographic association with the user credentials
> used for that channel.
There is no problem.
> Otherwise I don't see any problem with this definition.
Thanks.
Nico
--
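The distinction Nico draws above (channel binding ties an upper-layer authentication to the channel, not to the channel's own credentials) can be made concrete with a small model. The following is an added example, not code from the draft or from either correspondent: it models tls-unique as the first Finished message of a session (so, as the thread states, renegotiation does not change it), and an upper-layer authentication whose proof is an HMAC over the channel binding data. The session class, the sample Finished values, the password, salt and nonce are all constructed for the illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for the TLS Finished verify_data of each handshake.
# These are hypothetical byte strings, not real TLS output.
CLIENT_SERVER_FINISHED = bytes.fromhex("a1b2c3d4e5f60718293a4b5c")
CLIENT_RELAY_FINISHED = bytes.fromhex("0f1e2d3c4b5a69788796a5b4")
RELAY_SERVER_FINISHED = bytes.fromhex("deadbeefcafef00d01020304")
RENEGOTIATED_FINISHED = bytes.fromhex("1111222233334444aaaabbbb")

# Constructed authentication parameters shared by the toy client and server.
PASSWORD = "correct horse battery staple"
SALT = b"constructed-salt"
NONCE = b"constructed-nonce"


class TlsSession:
    """Minimal model of one endpoint's view of a TLS connection (hypothetical)."""

    def __init__(self, first_finished: bytes) -> None:
        self.finished_messages = [first_finished]

    def renegotiate(self, new_finished: bytes) -> None:
        # A renegotiation may change the TLS-level credentials (e.g. the server
        # now asks for a client certificate) but, per the thread, not tls-unique.
        self.finished_messages.append(new_finished)

    def tls_unique(self) -> bytes:
        # tls-unique as modelled here: the first Finished message of the session.
        return self.finished_messages[0]


def derive_auth_key(password: str, salt: bytes) -> bytes:
    """Slow password-derived key for the upper-layer authentication."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def client_proof(auth_key: bytes, cb_data: bytes, nonce: bytes) -> bytes:
    # The proof covers the channel binding data, so it is only valid on the
    # channel the client actually negotiated.
    return hmac.new(auth_key, b"cb-auth" + cb_data + nonce, hashlib.sha256).digest()


def server_verify(auth_key: bytes, cb_data: bytes, nonce: bytes, proof: bytes) -> bool:
    expected = client_proof(auth_key, cb_data, nonce)
    return hmac.compare_digest(expected, proof)


def direct_connection() -> bool:
    """Client and server share one TLS session: the bound proof verifies."""
    client = TlsSession(CLIENT_SERVER_FINISHED)
    server = TlsSession(CLIENT_SERVER_FINISHED)
    key = derive_auth_key(PASSWORD, SALT)
    proof = client_proof(key, client.tls_unique(), NONCE)
    return server_verify(key, server.tls_unique(), NONCE, proof)


def relayed_connection() -> bool:
    """Two separate TLS sessions (client<->relay, relay<->server) have
    different Finished messages, so a proof forwarded by the relay fails."""
    client = TlsSession(CLIENT_RELAY_FINISHED)
    server = TlsSession(RELAY_SERVER_FINISHED)
    key = derive_auth_key(PASSWORD, SALT)
    proof = client_proof(key, client.tls_unique(), NONCE)
    return server_verify(key, server.tls_unique(), NONCE, proof)


def renegotiated_connection() -> bool:
    """Renegotiation on both ends leaves tls-unique unchanged, so a proof made
    after it still verifies: the binding is to the channel, not its credentials."""
    client = TlsSession(CLIENT_SERVER_FINISHED)
    server = TlsSession(CLIENT_SERVER_FINISHED)
    client.renegotiate(RENEGOTIATED_FINISHED)
    server.renegotiate(RENEGOTIATED_FINISHED)
    key = derive_auth_key(PASSWORD, SALT)
    proof = client_proof(key, client.tls_unique(), NONCE)
    return server_verify(key, server.tls_unique(), NONCE, proof)


if __name__ == "__main__":
    print("direct:", direct_connection())            # True
    print("relayed:", relayed_connection())          # False
    print("renegotiated:", renegotiated_connection())  # True
```

The relayed case is the one channel binding exists to detect: the server verifies the proof against its own view of the channel, so a proof computed over a different channel's binding data is rejected. The renegotiated case shows the thread's point that the binding data is a property of the channel, independent of whatever credentials the TLS layer itself ends up using.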