On 07/11/2013 07:45 AM, Viktor Dukhovni wrote:
> On Thu, Jul 11, 2013 at 11:23:50AM -0400, Erinn Looney-Triggs wrote:
>>> GSSAPI inside TLS currently does not perform channel binding, and
>>> so your session can be hijacked, after the client authenticates
>>> with GSSAPI. You can use "fingerprint" security if your server
>>> certificate is not signed by a usable CA.
>> However, do you have a bit more info about what you mean by
>> channel binding? A link, something along those lines just so I can
>> understand the concepts here.
Thanks again for the feedback, I updated the article. If you want to
take a look at it again and have any more feedback feel free to send it