[ietf-nntp] Re: SASL capability

Charles Lindsey chl at clerew.man.ac.uk
Thu May 20 03:17:25 PDT 2004


In <Pine.LNX.4.58-039.0405190945520.14193 at sourcefour.andrew.cmu.edu> Rob Siemborski <rjs3 at andrew.cmu.edu> writes:

>The theory goes something like:

>Client asks for mechanism list
>Client picks "Best" mechanism, and authenticates
>If client now has a protection layer (integrity or encryption), it can ask
> for the list of mechanisms again.
>If there is now a stronger mechanism available, then presumably you've
> detected a MITM (note, there may be a weaker mechanism available as well,
> but generally the idea is that the list shouldn't change at all).

That sounds fine if encryption has been negotiated (assuming it cannot be
broken by the MITM), but if only integrity has been established and the
MITM is still there, then surely he can continue to report bogus lists of
extensions? Or are we only trying to make it proof against a passive MITM?

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
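
The re-check described in the quoted steps, as an added example that is not part of the original message or of any NNTP/SASL implementation. Assumptions: the integrity layer is modelled as HMAC-SHA256 under a key the intermediary does not hold, and the mechanism strength ordering, key and lists are constructed for illustration.

```python
import hashlib
import hmac

# Constructed preference order, weakest to strongest (an assumption for this example).
STRENGTH = {"PLAIN": 0, "CRAM-MD5": 1, "DIGEST-MD5": 2, "GSSAPI": 3}


def pick_best(mechs):
    """Return the strongest mechanism the client knows from an advertised list."""
    known = [m for m in mechs if m in STRENGTH]
    return max(known, key=STRENGTH.get) if known else None


def seal(key, mechs):
    """Server side: mechanism list plus a MAC under the negotiated integrity key."""
    body = " ".join(mechs).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


def unseal(key, body, tag):
    """Client side: return the list, or None if the integrity check fails."""
    good = hmac.new(key, body, hashlib.sha256).digest()
    return body.decode().split() if hmac.compare_digest(good, tag) else None


def recheck(used, key, body, tag):
    """Second mechanism-list request, made once the protection layer is active."""
    mechs = unseal(key, body, tag)
    if mechs is None:
        return "integrity-failure"       # list was altered in transit
    best = pick_best(mechs)
    if best is not None and STRENGTH[best] > STRENGTH[used]:
        return "downgrade-detected"      # a stronger mechanism was hidden earlier
    return "ok"


# Constructed scenario: the first, unprotected list has had GSSAPI stripped.
SERVER_MECHS = ["GSSAPI", "DIGEST-MD5", "PLAIN"]
STRIPPED = [m for m in SERVER_MECHS if m != "GSSAPI"]
KEY = hashlib.sha256(b"constructed session key").digest()  # stands in for the layer's key

used = pick_best(STRIPPED)                       # client authenticates with this
body, tag = seal(KEY, SERVER_MECHS)
print(recheck(used, KEY, body, tag))             # genuine protected list arrives intact
forged, _ = seal(b"key the attacker guessed", STRIPPED)
print(recheck(used, KEY, forged, tag))           # list rewritten without the key
```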


