On 07/11/2013 07:45 AM, Viktor Dukhovni wrote:
> On Thu, Jul 11, 2013 at 11:23:50AM -0400, Erinn Looney-Triggs wrote:
>
>>> GSSAPI inside TLS currently does not perform channel binding, and
>>> so your session can be hijacked, after the client authenticates
>>> with GSSAPI. You can use "fingerprint" security if your server
>>> certificate is not signed by a usable CA.
>>
>> However, do you have a bit more info about what you mean by
>> channel binding? A link, something along those lines just so I can
>> understand the concepts here.
>
> https://tools.ietf.org/html/rfc5056
>

Viktor,

Thanks again for the feedback, I updated the article. If you want to
take a look at it again and have any more feedback feel free to send
it along.

https://stomp.colorado.edu/blog/blog/2013/07/09/on-freeipa-postfix-and-a-relaying-smtp-client/

-Erinn