[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] SAML V2.0 Holder-of-Key Web Browser SSO Profile not immune against man-in-the-middle attack
On Mon, Apr 27, 2009 at 9:57 AM, Scott Cantor <cantor.2@osu.edu> wrote: > > For example, there could be a known key issued through some process that > might result in a certificate, but the user need not use that same > certificate when it authenticates as long as the key is the same. Ah, which is why you suggested "key" in lieu of "certificate" earlier. Yes, I see, and I agree. Thanks, Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]