On Mon, Nov 18, 2024 at 08:25:12AM +0200, Mohit Sethi wrote: > The lesson here is the same countermeasure for all misbinding attack - be > explicit about the identities and check them. We have created a pull request > for 8446bis adding a reference to misbinding attacks and countermeasures > when using RPK. The goal was to keep the text to a minimum: > > https://github.com/tlswg/tls13-spec/pull/1366
For application protocols that carry identities (many do), those should be checked instead of checking SNI. SNI can never be trusted over application-level identities. -Ilari _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
