Dirk Meyer wrote: > Peter Saint-Andre wrote: >> Dirk Meyer wrote: >>> Justin Karneges wrote: >>>> On Tuesday 10 February 2009 14:52:05 Kurt Zeilenga wrote: >>>>> While the DIGEST-MD5 provides for a (limited) form of mutual >>>>> authentication, DIGEST-MD5 offers no assurance to either the client or >>>>> the party that the end points of the DIGEST-MD5 exchange are the same >>>>> as the end-points of the TLS exchange. >>>> You mean if you don't verify the TLS certificate? >>> We do, channel bindings is a fallback. If we communicate and have both >>> self-signed certificates, we can not verify each other. >> Well, presumably we can verify each other if we use some other channel >> to communicate information about the certificates (meeting IRL is best, >> talking over the phone, encrypted email, etc.). At least then the >> attacker would need to compromise two different channels. > > I think even when using the phone, we would agree on a password. It is > not very userfriendly to compare X.509 fingerprints.
Agreed. So I suppose the question is, when and how is the password shared? Is that done via TLS-SRP or somehow after the TLS exchange via SASL? /psa
smime.p7s
Description: S/MIME Cryptographic Signature
