[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] XML signature validation question
On 1/13/17, 3:43 AM, "Peter Major" <peter.major@forgerock.com> wrote:
> In other words the signing key has a whole certificate chain defined. In
> this scenario upon validation of an XML signature should one validate
> the signature against all the public keys represented by X509Certificate
> values, or should one just use the first certificate for signature
> verification, and use the rest of the chain for certificate validation only?
The content of the KeyInfo is a hint that feeds whatever profile for trust management is being applied. The only published profile of that nature is mine [1], and its text explicitly precludes the formulation you're asking about, for the reason you asked.
Absent such a profile, the answer is that it's a non-interoperable expression.
> For me this suggests that any certificate from the chain can be used to
> verify the signature. Is this interpretation correct? Does the SAML spec
> override this behavior?
Using PKIX in general is both a bad idea and inherently non-interoperable in SAML, but to the extent that one would, multiple certificates in a single X509Data are a chain, and so they're not *all* likely to be meant as a signing key, but as a chain with the signing key plus additional validation aids.
Since you can't even count on which one in the X509Data element is actually the EE key, you can see this is one of the many reasons it's inherently unsafe to specify more than one in the context of metadata.
Again, please just implement [1]. It is the sensible thing to do.
-- Scott
[1] https://wiki.oasis-open.org/security/SAML2MetadataIOP
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]