[exim-dev] On Channel Binding over SMTL/TLS

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: ДилянПалаузов
Data:  
Para: exim-dev
Asunto: [exim-dev] On Channel Binding over SMTL/TLS
Hello,

I have a general question on channel binding, exim is one of the few
application offering CB.

RFC 5929 Channel Bindings for TLS defines the tls-unique channel
binding, stating that there was an old tls-unique, which was bad. The
new tls-unique uses the most recent TLS Finished message sent in the
token, whereas the old tls-unique used the first TLS Finished message.

Commit b1a32a3ce673 adds channel binding to openssl/exim, using the
function SSL_get_peer_finished(). Compare this to the OpenLDAP
implementation, where libldap/tls_o.c:tlso_session_unique() uses
SSL_session_reused(s) ^ !is_server ? SSL_get_finished(s) :
SSL_get_peer_finished().

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_gsasl_authenticator.html
says for server_channelbinding: “However, Channel Binding in TLS has
proven to be vulnerable in current versions. Do not plan to rely upon
this feature for security, ever, without consulting with a subject
matter expert (a cryptographic engineer). ”. Is this vulnerability
addressed in RFC 5929?

“This is only usable by mechanisms which support "channel binding"; at
time of writing, that’s the SCRAM family. When using this feature the
"-PLUS" variants of the method names need to be used. ” → GS2-KRB5 also
supports channel bindings.

The document does not state, that the tls-unique channel binding is
used by exim and tls-server-end-point is not used.

Would you mind implementing Channel Binding also using Cyrus SASL and
doing interoperability test (e.g. beween GnulTLS+Gsasl vs OpenSSL+Cyrus
SASL)? OpenLDAP has the file cyrus.c, which implements channel binding
in such a way, that it works with the Windows Active Directory (but I
have some concerns to the implementation, as it enforces channel
binding over SASL GSSAPI, whereas “RFC 4752 SASL GSSAPI” says, that
SASL GSSAPI does not allow channel binding).

Have you done any interoperability tests for the channel binding (e.g.
can the Outlook MTA do SASL GSSAPI using Channel Binding)?

Greetings
Дилян