Details
-
Suggestion
-
Resolution: Unresolved
-
P2: Important
-
None
-
5.15.14, 5.9.9, 5.12.12, 6.0.0, 6.1.3, 6.2.6, 6.3.2, 6.4.3, 6.5.3, 6.6.0, Some future release
-
None
-
13
-
Foundation PM Prioritized
Description
Channel Binding works with:
- tls-unique for TLS =< 1.2
- tls-server-end-point
- tls-exporter for TLS = 1.3
All Channel Binding parts are in RFC5929/RFC9266.
Links to RFC, XEP, etc. follow below.
---------------------------
A small part:
To get the data required for channel binding, QSslSocket should have an API to get data from SSL_get_finished()
https://paquier.xyz/postgresql-2/channel-binding-openssl/
----------------------
You can see an incomplete list of supported software:
Several Qt projects have been waiting a very long time for a solution from Qt.
--------------------------
With the recent jabber.ru MITM, it is important to add Channel Binding.
Microsoft uses Channel Binding
OpenSSL has functions
GnuTLS has functions
PostgreSQL uses it
OpenLDAP uses it
GSASL uses it
etc.
------------------------------
Linked to:
- RFC5056: On the Use of Channel Bindings to Secure Channels: https://tools.ietf.org/html/rfc5056 // November 2007
- RFC5929: Channel Bindings for TLS: https://tools.ietf.org/html/rfc5929 // July 2010
- Channel-Binding Types: https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml
- RFC9266: Channel Bindings for TLS 1.3: https://tools.ietf.org/html/rfc9266 // July 2022
- XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html
- XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html
- XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html
- XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html
SCRAM in RFC:
- https://tools.ietf.org/html/rfc5801
- https://tools.ietf.org/html/rfc5802
- https://tools.ietf.org/html/rfc5803
- https://tools.ietf.org/html/rfc6120
- https://tools.ietf.org/html/rfc6331
- https://tools.ietf.org/html/rfc7613
- https://tools.ietf.org/html/rfc8265
- https://tools.ietf.org/html/rfc8547
- https://tools.ietf.org/html/rfc8600
- https://tools.ietf.org/html/rfc6885
- https://tools.ietf.org/html/rfc7081
- https://tools.ietf.org/html/rfc7804
- https://tools.ietf.org/html/rfc8322
- https://tools.ietf.org/html/rfc8621
- https://tools.ietf.org/html/rfc9051
Drafts:
- https://tools.ietf.org/html/draft-melnikov-scram-sha-512
- https://tools.ietf.org/html/draft-melnikov-scram-sha3-512
- https://tools.ietf.org/html/draft-melnikov-scram-bis
- https://tools.ietf.org/html/draft-ietf-kitten-scram-2fa
- https://tools.ietf.org/html/draft-melnikov-sasl2
Jabber.ru MITM:
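Added example, not part of the original report and not Qt code: a sketch of why a SCRAM "-PLUS" exchange (RFC 5802) needs the channel-binding bytes the report asks QSslSocket to expose. All credentials, nonces and binding values are constructed; the SHA-256 digests stand in for the 32 bytes a TLS stack would return for `tls-exporter` on each connection, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _cbind(cb_type, cb_data):
    # c= attribute: base64(gs2-header || channel-binding bytes), RFC 5802
    return base64.b64encode(f"p={cb_type},,".encode() + cb_data).decode()

def _client_key(password, salt, iterations):
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return _hmac(salted, b"Client Key")

def stored_key_for(password, salt, iterations):
    return hashlib.sha256(_client_key(password, salt, iterations)).digest()

def client_final(password, salt, iterations, cb_type, cb_data, first_bare, server_first):
    nonce_field = server_first.split(",", 1)[0]  # "r=<combined nonce>"
    without_proof = f"c={_cbind(cb_type, cb_data)},{nonce_field}"
    key = _client_key(password, salt, iterations)
    auth = f"{first_bare},{server_first},{without_proof}".encode()
    sig = _hmac(hashlib.sha256(key).digest(), auth)
    proof = bytes(a ^ b for a, b in zip(key, sig))
    return f"{without_proof},p={base64.b64encode(proof).decode()}"

def server_verify(stored_key, cb_type, cb_data, first_bare, server_first, final_msg):
    without_proof, proof_b64 = final_msg.rsplit(",p=", 1)
    c_field, r_field = without_proof.split(",", 1)
    # The server compares against the binding of ITS OWN TLS connection
    if c_field != "c=" + _cbind(cb_type, cb_data) or r_field != server_first.split(",", 1)[0]:
        return False
    auth = f"{first_bare},{server_first},{without_proof}".encode()
    sig = _hmac(stored_key, auth)
    key = bytes(a ^ b for a, b in zip(base64.b64decode(proof_b64), sig))
    return hmac.compare_digest(hashlib.sha256(key).digest(), stored_key)

def demo():
    # Constructed sample values; real binding bytes come from the TLS library
    salt, iters, pw = bytes(range(16)), 4096, "pencil"
    first_bare = "n=user,r=clientnonce"
    server_first = f"r=clientnonceservernonce,s={base64.b64encode(salt).decode()},i={iters}"
    stored = stored_key_for(pw, salt, iters)
    leg_a = hashlib.sha256(b"client<->relay").digest()  # binding seen by the client
    leg_b = hashlib.sha256(b"relay<->server").digest()  # binding seen by the server
    msg = client_final(pw, salt, iters, "tls-exporter", leg_a, first_bare, server_first)
    swapped = f"c={_cbind('tls-exporter', leg_b)}," + msg.split(",", 1)[1]
    check = lambda cb, m: server_verify(stored, "tls-exporter", cb, first_bare, server_first, m)
    return check(leg_a, msg), check(leg_b, msg), check(leg_b, swapped)
```

`demo()` returns the result for a direct connection, for a TLS-terminating relay, and for a relay that rewrites `c=`; only the first verifies, because the binding is part of the AuthMessage the client proof covers.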