On Thu, Jul 11, 2013 at 11:23:50AM -0400, Erinn Looney-Triggs wrote:
> > GSSAPI inside TLS currently does not perform channel binding, and
> > so your session can be hijacked, after the client authenticates
> > with GSSAPI. You can use "fingerprint" security if your server
> > certificate is not signed by a usable CA.
>
> However, do you have a bit more info about what you mean by
> channel binding? A link, something along those lines just so I can
> understand the concepts here.
https://tools.ietf.org/html/rfc5056
--
Viktor.
