>
>An attacker can MITM the non-TLS site and capture the authentication,
>replaying it to gain access to the TLS site as the authenticated user.
Why don't the GSS EAP channel bindings prevent that attack?
Josh.