security-services-comment message

Subject: Re: [saml-dev] SAML V2.0 Holder-of-Key Web Browser SSO Profile not immune against man-in-the-middle attack


On Mon, Apr 27, 2009 at 9:57 AM, Scott Cantor <cantor.2@osu.edu> wrote:
>
> For example, there could be a known key issued through some process that
> might result in a certificate, but the user need not use that same
> certificate when it authenticates as long as the key is the same.

Ah, which is why you suggested "key" in lieu of "certificate" earlier.
Yes, I see, and I agree.

Thanks,
Tom

