Re: Channel binding being attempted even when SCRAM PLUS not advertized
From: Manvendra Bhangui
Subject: Re: Channel binding being attempted even when SCRAM PLUS not advertized
Date: Mon, 15 Aug 2022 19:27:26 +0530

On Mon, 15 Aug 2022 at 14:32, Manvendra Bhangui <mbhangui@gmail.com> wrote:
>
> "Clients that do not support mechanism negotiation never use a "y"
> gs2-cbind-flag, they use either "p" or "n" according to whether they
> require and support the use of channel binding or whether they do not,
> respectively."
RFC 5802 isn't explicit on what to do when the client supports channel
binding but the server does not. I did some more reading on this and found
this document (I have no idea of the status of this document).
https://www.ietf.org/archive/id/draft-ietf-sasl-channel-bindings-02.html#2
Section 2 of the above document says
"The client MUST NOT use channel binding if it lists the server's
mechanisms and does not find a suitable mechanism that supports channel
binding in that list."
My assumptions can be wrong and I will be glad to get corrected, but at
this point, I'm a confused person.
--
Regards Manvendra - http://www.indimail.org
GPG Pub Key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC7CBC760014D250C
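
The gs2-cbind-flag choice discussed in this message, written out as an added example following the rules in RFC 5802 section 6 (not code from the thread or from any SASL library). The function names, the sample mechanism lists and the `tls-unique` binding type are assumptions of this sketch. A "y" flag goes with the non-PLUS mechanism, so no channel binding data is sent, and the server uses that flag to detect a stripped mechanism list.

```python
# Added example (not from the thread). Names and sample lists are constructed.

def plus_mechs(mechs):
    """SCRAM-*-PLUS names found in a server's mechanism list."""
    return [m.upper() for m in mechs
            if m.upper().startswith("SCRAM-") and m.upper().endswith("-PLUS")]

def plain_scram_mechs(mechs):
    """SCRAM names without the -PLUS suffix."""
    return [m.upper() for m in mechs
            if m.upper().startswith("SCRAM-") and not m.upper().endswith("-PLUS")]

def client_choice(client_supports_cb, server_mechs, cb_type="tls-unique"):
    """Return (mechanism, gs2-cbind-flag) for a client that negotiates mechanisms."""
    plus = plus_mechs(server_mechs)
    if client_supports_cb and plus:
        return plus[0], "p=" + cb_type   # channel binding is actually used
    plain = plain_scram_mechs(server_mechs)
    if not plain:
        raise ValueError("no usable SCRAM mechanism advertised")
    # "y": client could bind but saw no -PLUS name; "n": client cannot bind.
    return plain[0], ("y" if client_supports_cb else "n")

def server_accepts_flag(flag, advertised_mechs, selected_mech):
    """Server-side check of the gs2-cbind-flag it received."""
    is_plus = selected_mech.upper().endswith("-PLUS")
    if flag == "y":
        # The client believed no -PLUS name was offered. If one was, the
        # list was altered in transit: fail authentication (downgrade).
        return not plus_mechs(advertised_mechs)
    if flag.startswith("p="):
        return is_plus       # this sketch's consistency check
    if flag == "n":
        return not is_plus   # this sketch's consistency check
    return False

# Constructed sample mechanism lists.
NO_PLUS = ["PLAIN", "SCRAM-SHA-256"]
WITH_PLUS = ["PLAIN", "SCRAM-SHA-256", "SCRAM-SHA-256-PLUS"]
```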