[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] holder-of-key subject confirmation
On Sun, May 11, 2008 at 10:32 PM, Rich.Levinson <rich.levinson@oracle.com> wrote: > > Anyone can read the cert, C1, and create a new cert, C2 with the same > subject name etc. But no one should trust C2, because C2 was not > contained in anything signed by IdP. Rich, would you change your point of view if the relying party RP happens to trust the certificate C2 presented by the user? Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]