#tlschannelbinding — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #tlschannelbinding, aggregated by home.social.
-
@pake_preacher : I forgot the details of PAKE and SRP, but in the end the most secure client authentication requires:
1️⃣ Strong, long term, human comprehensible, *serving endpoint* authentication;
*AND*
2️⃣ TLS channel binding (enforcing known endpoints).
(Apart from those, both serving endpoint AND client MUST be trustworthy).
🚨 The -corrupt- CA/B forum breaks 1️⃣ by:
a) Advocating anonymous Domain Validated certificates, which render secure account creation IMPOSSIBLE;
b) Continuously decreasing certificate lifetime.
🚨 Furthermore, "legitimate" MitMs * break 2️⃣.
* Man in the Middle, like on-device virus scanners and firewalls that "open" TLS tunnels (both requiring installation of a dedicated root certificate) and proxies such as (definitely not limited to) Cloudflare and Fastly.
😱 Passkeys enforce NEITHER 1️⃣ NOR 2️⃣.
😱😱 Worse, because passkeys (or FIDO2 hardware keys) can be easily irretrievably "lost", servers typically provide WAY EASIER phishable authentication methods (such as "rescue codes").
#AitM #MitM #SecureOnlineAuthIsHARD #SecureAuthentication #OnlineAuthentication #Authentication #Impersonation #ChannelBinding #TLSchannelBinding #UTM #TLS #TLSinterception #TLSscanning #Proxy #Proxies #GoogleIsEvil #CloudflareIsEvil
-
#GoSendXMPP 0.15.0 has been released (#SendXMPP / #XMPP / #Jabber / #Go / #GoLang / #GoXMPP / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266) https://salsa.debian.org/mdosch/go-sendxmpp
-
#GoXMPP 0.2.17 has been released (#XMPP / #Jabber / #Go / #GoLang / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266) https://github.com/xmppo/go-xmpp
-
#ejabberd 25.08 has been released (#XMPP / #XMPPServer / #Jabber / #MQTT / #SIP / #Erlang / #ProcessOne / #Matrix / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266 / #SASL2) https://www.ejabberd.im/
-
#GoSendXMPP 0.15.0 Beta 1 has been released (#SendXMPP / #XMPP / #Jabber / #Go / #GoLang / #GoXMPP / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266) https://salsa.debian.org/mdosch/go-sendxmpp
-
#GoXMPP 0.2.16 has been released (#XMPP / #Jabber / #Go / #GoLang / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266) https://github.com/xmppo/go-xmpp
-
#ejabberd 25.07 has been released (#XMPP / #XMPPServer / #Jabber / #MQTT / #SIP / #Erlang / #ProcessOne / #Matrix / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266 / #SASL2) https://www.ejabberd.im/
-
#GoXMPP 0.2.14 has been released (#XMPP / #Jabber / #Go / #GoLang / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266) https://github.com/xmppo/go-xmpp
-
#ejabberd 25.04 has been released (#XMPP / #XMPPServer / #Jabber / #MQTT / #SIP / #Erlang / #ProcessOne / #Matrix / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266 / #SASL2) https://www.ejabberd.im/
-
#ejabberd 25.03 has been released (#XMPP / #Jabber / #MQTT / #SIP / #Erlang / #ProcessOne / #Matrix / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266 / #SASL2) https://www.ejabberd.im/
-
#GoXMPP 0.2.12 has been released (#XMPP / #Jabber / #Go / #GoLang / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266) https://github.com/xmppo/go-xmpp
-
#Conversations 2.17.9 has been released (#Jabber / #XMPP / #Android / #OMEMO / #ChannelBinding / #TLSChannelBinding / #ChannelBindingforTLS) https://conversations.im/
-
#GoSendXMPP 0.14.1 has been released (#SendXMPP / #XMPP / #Jabber / #Go / #GoLang / #GoXMPP / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266) https://salsa.debian.org/mdosch/go-sendxmpp
-
#GoXMPP 0.2.10 has been released (#XMPP / #Jabber / #Go / #GoLang / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266) https://github.com/xmppo/go-xmpp
-
#Conversations 2.17.8 has been released (#Jabber / #XMPP / #Android / #OMEMO / #ChannelBinding / #TLSChannelBinding / #ChannelBindingforTLS) https://conversations.im/
-
#ejabberd 24.12 has been released (#XMPP / #Jabber / #MQTT / #SIP / #Erlang / #ProcessOne / #Matrix / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266 / #SASL2 / #XEP0386 / #XEP0388 / #XEP0440 / #XEP0474 / #XEP0480 / #XEP0288 / #XEP0484) https://www.ejabberd.im/
-
#Conversations 2.17.5 has been released (#Jabber / #XMPP / #Android / #OMEMO / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA1PLUS / #SCRAMSHA256 / #SCRAMSHA256PLUS / #SCRAMSHA512 / #SCRAMSHA512PLUS / #ChannelBinding / #TLSChannelBinding / #ChannelBindingforTLS) https://conversations.im/
-
#GoSendXMPP 0.12.1 has been released (#SendXMPP / #XMPP / #Jabber / #Go / #GoLang / #GoXMPP / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266) https://salsa.debian.org/mdosch/go-sendxmpp
-
#GoSendXMPP 0.12.0 has been released (#SendXMPP / #XMPP / #Jabber / #Go / #GoLang / #GoXMPP / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266) https://salsa.debian.org/mdosch/go-sendxmpp
-
#GoXMPP 0.2.5 has been released (#XMPP / #Jabber / #Go / #GoLang / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266) https://github.com/xmppo/go-xmpp
-
#ejabberd 24.10 has been released (#XMPP / #Jabber / #MQTT / #SIP / #Erlang / #ProcessOne / #Matrix / #SCRAM / #SCRAMSHA / #SCRAMSHA1 / #SCRAMSHA256 / #SCRAMSHA512 / #TLSChannelBinding / #RFC9266 / #SASL2 / #XEP0386 / #XEP0388 / #XEP0440 / #XEP0474 / #XEP0480 / #XEP0424 / #XEP0288) https://www.ejabberd.im/