
Re: GSSAPI with SMTP client

  • Erinn Looney-Triggs
    Message 1 of 10 , Jul 18 10:48 AM
      On 07/11/2013 07:45 AM, Viktor Dukhovni wrote:
      > On Thu, Jul 11, 2013 at 11:23:50AM -0400, Erinn Looney-Triggs wrote:
      >
      >>> GSSAPI inside TLS currently does not perform channel binding, and
      >>> so your session can be hijacked, after the client authenticates
      >>> with GSSAPI. You can use "fingerprint" security if your server
      >>> certificate is not signed by a usable CA.
      >>
      >> However, do you have a bit more info about what you mean by
      >> channel binding? A link, something along those lines just so I can
      >> understand the concepts here.
      >
      > https://tools.ietf.org/html/rfc5056
      >

      Viktor,
      Thanks again for the feedback, I updated the article. If you want to
      take a look at it again and have any more feedback feel free to send it
      along.

      https://stomp.colorado.edu/blog/blog/2013/07/09/on-freeipa-postfix-and-a-relaying-smtp-client/

      -Erinn
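
The "fingerprint" security level recommended in the quoted advice, shown as a Postfix SMTP client configuration with the weaker setting beside it. This is an added example, not taken from the thread or the linked article; the relay host name and the fingerprint value are placeholders, and sha256 is an assumed digest choice.

```conf
# /etc/postfix/main.cf on the relaying SMTP client (added example).
# relay.example.com and the fingerprint below are placeholders.

relayhost = [relay.example.com]:587

# Before: TLS is mandatory, but the server certificate is not verified.
# The client cannot tell the real relay from an active man-in-the-middle,
# and because GSSAPI inside TLS does no channel binding, the GSSAPI
# exchange does not detect this either.
#smtp_tls_security_level = encrypt

# After: deliver only if the relay presents a certificate whose digest
# matches a pinned value. This works for a certificate that is not signed
# by a usable CA, because trust comes from the pin rather than the chain.
smtp_tls_security_level = fingerprint

# Digest algorithm used for the comparison (assumed choice; it must be
# the same algorithm used to compute the pinned value).
smtp_tls_fingerprint_digest = sha256

# Pinned fingerprint(s) of the relay's certificate. Obtain the value
# out of band on the relay itself, for example with:
#   openssl x509 -noout -fingerprint -sha256 -in relay-cert.pem
smtp_tls_fingerprint_cert_match =
    <SHA256-FINGERPRINT-OF-RELAY-CERTIFICATE>
```

When the relay's certificate is replaced, list the new fingerprint alongside the old one before the switch so deliveries are not deferred.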