>>>>> "Jim" == Jim Schaad <i...@augustcellars.com> writes:
    >> There doesn't seem to be a way for a server to request channel
    >> binding.  If that's true we should probably add the following:
    >> Since a server cannot indicate a desire for channel binding,
    >> clients that
    Jim> have
    >> channel binding data to send SHOULD include channel-binding TLV
    >> in a request-action TLV if mutual authentication (section 3.11)
    >> succeeded.

    Jim> If this is true - then I agree it is a flaw.

    Jim> I think that one could send a channel-binding TLV with no data
    Jim> to request that a client send channel binding data back.  This
    Jim> should not cause any significant problems.

If that's permitted then it should be explicitly documented.

I think that if this is permitted, everyone who implements channel
binding needs to be required to support this.

    Jim> One could then have Channel-binding server->peer - no data
    Jim> Channel-binding peer->server - here is my data Channel-binding
    Jim> server->peer - here is my data

Again, let's document this if it is permitted.
It's clear the spec is unclear if you and I read it differently.

    Jim> However I believe that the client can initiate this by just
    Jim> sending the channel binding TLV in the clear and not in a
    Jim> request if the client wants to initiate it.

My reading is that you cannot send a channel binding outside of a
request.  This needs clarification as well if we're reading it
differently.
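As an added illustration, not part of this thread and not taken from any draft, here is a small Python model of the three-leg exchange Jim describes (empty channel-binding TLV from the server as a request, the peer's data wrapped in a request-action TLV as the proposed text requires, then the server's data back). The TLV wire format and the type numbers `TLV_REQUEST_ACTION` and `TLV_CHANNEL_BINDING` are constructed placeholders, and the peer only answers once mutual authentication has succeeded, so both readings in the thread can be seen side by side.

```python
import hmac
import struct

# Type numbers are constructed placeholders for this example; the thread does
# not give the real values and none should be inferred from these.
TLV_REQUEST_ACTION = 0x7001
TLV_CHANNEL_BINDING = 0x7002


def encode_tlv(tlv_type, value=b""):
    """Serialise one TLV as 2-byte type, 2-byte length, value (assumed layout)."""
    return struct.pack("!HH", tlv_type, len(value)) + value


def decode_tlvs(data):
    """Parse a byte string into (type, value) tuples, rejecting truncated input."""
    tlvs, off = [], 0
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", data, off)
        off += 4
        if off + length > len(data):
            raise ValueError("truncated TLV value")
        tlvs.append((tlv_type, data[off:off + length]))
        off += length
    return tlvs


def server_request_binding():
    """Leg 1 (Jim's reading): an empty channel-binding TLV asks the peer for its data."""
    return encode_tlv(TLV_CHANNEL_BINDING)


def peer_respond(received, peer_cb_data, mutual_auth_ok):
    """Leg 2: answer an empty channel-binding TLV with our own data, wrapped in a
    request-action TLV, but only once mutual authentication succeeded (the
    SHOULD from the proposed text). Returns None when nothing is sent."""
    if not mutual_auth_ok or not peer_cb_data:
        return None
    for tlv_type, value in decode_tlvs(received):
        if tlv_type == TLV_CHANNEL_BINDING and value == b"":
            inner = encode_tlv(TLV_CHANNEL_BINDING, peer_cb_data)
            return encode_tlv(TLV_REQUEST_ACTION, inner)
    return None


def server_respond(received, server_cb_data):
    """Leg 3: compare the peer's data with the server's own view (constant time)
    and, on a match, send the server's data back. Returns (bound, reply)."""
    for outer_type, outer_value in decode_tlvs(received):
        if outer_type != TLV_REQUEST_ACTION:
            continue
        for inner_type, inner_value in decode_tlvs(outer_value):
            if inner_type == TLV_CHANNEL_BINDING:
                if hmac.compare_digest(inner_value, server_cb_data):
                    return True, encode_tlv(TLV_CHANNEL_BINDING, server_cb_data)
                return False, None
    return False, None


def run_exchange(peer_cb_data, server_cb_data, mutual_auth_ok):
    """Drive all three legs and report whether channel binding completed."""
    leg1 = server_request_binding()
    leg2 = peer_respond(leg1, peer_cb_data, mutual_auth_ok)
    if leg2 is None:
        return {"bound": False, "reason": "peer sent no channel-binding data"}
    bound, _leg3 = server_respond(leg2, server_cb_data)
    return {"bound": bound, "reason": "ok" if bound else "channel-binding data mismatch"}


if __name__ == "__main__":
    # Constructed sample binding data; a real deployment would carry
    # attributes describing the authenticator, not a literal like this.
    print(run_exchange(b"nas-id=A", b"nas-id=A", mutual_auth_ok=True))
    print(run_exchange(b"nas-id=A", b"nas-id=B", mutual_auth_ok=True))
    print(run_exchange(b"nas-id=A", b"nas-id=A", mutual_auth_ok=False))
```

The third call shows the gating the proposed text asks for: without successful mutual authentication the peer never emits its binding data, so the exchange cannot complete regardless of what the server requested.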
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
