IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: gss userauth
> I've pointed out this to the authors privatly, so I'll repeat this
> publicly. I consider gss userauth to be broken since it doesn't verify the
> session id (using either mic or a channel bindings (like in CCM)).
I'd not previously realized this, having not read that section of the
gss spec, but that does appear to me to be true, and I do agree that
it is something that should be fixed.
(I'm sending this message primarily because my understanding is that
``me toos'' are useful in determining what the working group consensus
is.)
Home |
Main Index |
Thread Index |
Old Index