On 07/11/2013 07:45 AM, Viktor Dukhovni wrote:
> On Thu, Jul 11, 2013 at 11:23:50AM -0400, Erinn Looney-Triggs wrote:
> 
>>> GSSAPI inside TLS currently does not perform channel binding, and
>>> so your session can be hijacked, after the client authenticates
>>> with GSSAPI.  You can use "fingerprint" security if your server
>>> certificate is not signed by a usable CA.
>>
>> However, do you have a bit more info about what you mean by
>> channel binding? A link, something along those lines just so I can
>> understand the concepts here.
> 
>     https://tools.ietf.org/html/rfc5056
> 

Viktor,
Thanks again for the feedback; I updated the article. If you want to
take a look at it again and have any more feedback, feel free to send it
along.

https://stomp.colorado.edu/blog/blog/2013/07/09/on-freeipa-postfix-and-a-relaying-smtp-client/

-Erinn
