As far as I am aware, the endpoints negotiating the TLS tunnel are identical to
Ok. I might be misunderstanding something, here is a summary:
A client C that is willing to use SASL mechanism X both inside and outside a TLS tunnel. A server S that supports a server authenticated TLS tunnel and then authenticates the client using SASL mechanism X within the tunnel. An attacker M who can act as a TLS client and a SASL server for mechanism X.
The network topology/deployment must allow for M to trick C into trying
to authenticate to him using SASL Mechanism X (without TLS) while M
simultaneously establishes a TLS connection with S.
M establishes a TLS session with S M tricks C into trying to authenticate to him using SASL mechanism X
without TLS protection (these first steps could happen in the reverse
order)
M forwards the SASL exchange from C to S and vice versa. The SASL authentication will succeed and S will believe that the
endpoint of the TLS tunnel is C instead of M (For some mechanisms M may
have to spoof S's address in order for the authentication to complete).
M can disconnect from C and continue sending messages to S. S thinks the messages from M originate from C.
Joe
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature