Description
This interface exists to expose security information about Channels. The two properties are sometimes immutable and can be used to make decisions on how cautious to be about transferring sensitive data. The special case of ServerAuthentication1 channels is one example of where the two properties are immutable.
For example, clients MAY use these properties to decide whether the PLAIN mechanism is acceptable for a SASLAuthentication1 channel.
Properties
Encrypted — b
True if this channel occurs over an encrypted connection. This does not imply that steps have been taken to avoid man-in-the-middle attacks.
Rationale:
For future support for RFC 5056 Channel Binding it is desirable to be able to use some SASL mechanisms over an encrypted connection to an unverified peer, which can prove that it is the desired destination during the SASL negotiation.
Verified — b
True if this channel occurs over a connection that is protected against tampering, and has been verified to be with the desired destination: for instance, one where TLS was previously negotiated, and the TLS certificate has been verified against a configured certificate authority or accepted by the user.
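The decision described above, as an added example that is not part of the specification or of any Telepathy code: a client-side policy that picks a SASL mechanism from the channel's Encrypted and Verified values. The policy table, the function names and the sample property dictionaries are assumptions; the SCRAM mechanism names come from RFC 5802 and RFC 7677.

```python
# Added example: choose a SASL mechanism from the Securable properties.
# POLICY, securable_flags() and choose_mechanism() are hypothetical names;
# the requirements per mechanism are an assumed client policy.

# (mechanism, needs Encrypted, needs Verified), most preferred first.
POLICY = [
    # Channel-bound mechanisms can prove the peer during SASL itself, so an
    # encrypted but unverified connection is enough (the Rationale above).
    ("SCRAM-SHA-256-PLUS", True, False),
    ("SCRAM-SHA-1-PLUS", True, False),
    # Challenge-response without binding: the password is never sent, but
    # the exchange is kept away from passive capture.
    ("SCRAM-SHA-256", True, False),
    ("SCRAM-SHA-1", True, False),
    # PLAIN hands the password to whoever terminates the connection, so the
    # peer must be the verified destination.
    ("PLAIN", True, True),
]


def securable_flags(props):
    """Return (encrypted, verified); a missing property counts as False."""
    return bool(props.get("Encrypted", False)), bool(props.get("Verified", False))


def choose_mechanism(offered, props):
    """Return the preferred acceptable mechanism, or None to refuse."""
    encrypted, verified = securable_flags(props)
    for name, needs_encrypted, needs_verified in POLICY:
        if name not in offered:
            continue
        if needs_encrypted and not encrypted:
            continue
        if needs_verified and not verified:
            continue
        return name
    return None


if __name__ == "__main__":
    # Constructed property values, standing in for what a client would read
    # from the channel.
    samples = [
        (["PLAIN"], {"Encrypted": True, "Verified": True}),
        (["PLAIN"], {"Encrypted": True, "Verified": False}),
        (["PLAIN", "SCRAM-SHA-1-PLUS"], {"Encrypted": True, "Verified": False}),
        (["PLAIN", "SCRAM-SHA-1"], {}),
    ]
    for offered, props in samples:
        print(offered, props, "->", choose_mechanism(offered, props))
```

A result of None means no offered mechanism meets the policy for this channel, and the client should abort authentication rather than fall back to PLAIN.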