saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] holder-of-key subject confirmation

From: "Tom Scavo" <trscavo@gmail.com>
To: Rich.Levinson <rich.levinson@oracle.com>
Date: Mon, 12 May 2008 18:02:43 -0400

On Sun, May 11, 2008 at 10:32 PM, Rich.Levinson
<rich.levinson@oracle.com> wrote:
>
>  Anyone can read the cert, C1, and create a new cert, C2 with the same
>  subject name etc. But no one should trust C2, because C2 was not
>  contained in anything signed by IdP.

Rich, would you change your point of view if the relying party RP
happens to trust the certificate C2 presented by the user?

Tom

Follow-Ups:
- Re: [saml-dev] holder-of-key subject confirmation
  - From: "Rich.Levinson" <rich.levinson@oracle.com>

References:
- holder-of-key subject confirmation
  - From: "Tom Scavo" <trscavo@gmail.com>
- Re: [saml-dev] holder-of-key subject confirmation
  - From: "Rich.Levinson" <rich.levinson@oracle.com>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]