Subject: Re: [saml-dev] XML signature validation question
On 1/13/17, 12:01 PM, "Pim van der Eijk (Lists)" <lists@sonnenglanz.net> wrote:

> The XML Signature specification does not actually explicitly
> impose this ordering constraint on chains, which is an omission.

It's a fatal one, in this particular case, which I may not have emphasized sufficiently. Given no profile imposing that constraint, the inability to know which actual key was meant as a verification key by the metadata creates a security risk if you tried to apply the key material. It would essentially risk allowing the CA to act as the IdP or SP, which it obviously is not.

-- Scott
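An added example, not part of the original message or of any SAML implementation: one defensive policy a metadata consumer could adopt for the ambiguity described above, refusing to pick a verification key when a single `KeyInfo` carries more than one certificate. The function and exception names, the sample metadata and the placeholder certificate strings are all assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}


class AmbiguousKeyError(ValueError):
    """A KeyInfo does not identify exactly one verification certificate."""


def signing_certificates(metadata_xml):
    """Return the base64 certificate of every signing KeyDescriptor.

    Several KeyDescriptors are fine (each names one key, e.g. during
    rollover); several certificates inside one KeyInfo are rejected.
    """
    certs = []
    for kd in ET.fromstring(metadata_xml).iter("{%s}KeyDescriptor" % MD):
        if kd.get("use", "signing") != "signing":  # no 'use' means both uses
            continue
        found = kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if len(found) != 1:
            raise AmbiguousKeyError(
                "KeyInfo carries %d certificates; refusing to guess" % len(found))
        certs.append("".join((found[0].text or "").split()))
    return certs


def sample_entity(*key_infos):
    # Constructed, minimal sample metadata; certificate bodies are placeholders.
    body = "".join(
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>%s'
        "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        % "".join("<ds:X509Certificate>%s</ds:X509Certificate>" % c for c in ki)
        for ki in key_infos)
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" '
            'entityID="https://idp.example.org/constructed">'
            "<md:IDPSSODescriptor>%s</md:IDPSSODescriptor></md:EntityDescriptor>"
            % (MD, NS["ds"], body))


ROLLOVER = sample_entity(["PLACEHOLDER-IDP-OLD"], ["PLACEHOLDER-IDP-NEW"])
CHAIN = sample_entity(["PLACEHOLDER-CA", "PLACEHOLDER-IDP"])  # order proves nothing

if __name__ == "__main__":
    print(signing_certificates(ROLLOVER))
    try:
        signing_certificates(CHAIN)
    except AmbiguousKeyError as exc:
        print("rejected:", exc)
```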