> Josh> Ignore it -- what else can we do? Isn't that channel binding
> Josh> inherently part of the leap of faith?
>
>The issue is that if we disregard the channel binding in that cases then
>the mutual authentication flag will fail to be set at the gss layer and
>things like ssh will fail.
Couldn't the identity selector special-case the leap-of-faith
authentication on the first time? (in principle, I understand that's not
possible with the current architecture).
Josh.
JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
|