Loading ...
Sorry, an error occurred while loading the content.

294257Re: GSSAPI with SMTP client

Expand Messages
  • Viktor Dukhovni
    Jul 11, 2013
      On Thu, Jul 11, 2013 at 11:23:50AM -0400, Erinn Looney-Triggs wrote:

      > > GSSAPI inside TLS currently does not perform channel binding, and
      > > so your session can be hijacked, after the client authenticates
      > > with GSSAPI. You can use "fingerprint" security if your server
      > > certificate is not signed by a usable CA.
      >
      > However, do you have a bit more info about what you mean by
      > channel binding? A link, something along those lines just so I can
      > understand the concepts here.

      https://tools.ietf.org/html/rfc5056

      --
      Viktor.
    • Show all 10 messages in this topic