OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: Comments on S2ML 0.8a

Hi Anders,

Anders Rundgren wrote:
> 
> Nigel,
> 
> > It is quite possible that I misunderstand the usuage model (and/or
> > scoped assertions), but I still think the binding between various S2ML
> > fragments that might appear in different documents may not be strong
> > enough. I don't see problems arising, if these fragments are exchanged
> > through secure channels and contents never disclosed. However, if the
> > fragments are stored in documents for later use, I can see problems
> > arising. The example entitlement on page 13 in the beginning of section
> > 4, shows a URI to link the entitlement to a name assertion. If somebody
> > manages to put a resource up with the same URI problems will arise. John
> > Linn mentioned IP and DNS level spoofing in his posting a few days ago
> > in the context of the HTTP binding for 0.7a. I think the above may be
> > vulnerable to similar problems.
> 
> Is not the Name assertion object to be signed as well?  By an authority that
> the verifier must know to have a trusted relation with the issuer of the Entitlement object.
> That gives the IP/DNS spoofer little chances doesn't it?
> 

I am not sure about this, because I don't feel I fully understand the
use models. If the name object and entitlement object are covered by the
same signature, then yes I believe you are right about there being
little chance for an attack. However, if the Name object and entitlement
object are signed separately, so that they can be stand alone, separable
entities, then I believe questions arise about how strong the linkage
between them is. A URI that includes a cryptographic construction, like
the hash of the target object would be OK. However, I believe links
using a conventional URI, such as an HTTP or FTP URL would have
vulnerabilities. An attacker might be able to change the meaning of such
a link without invalidating the signatures.

Regards,
Nigel.
--
Nigel Edwards <nigel_edwards@hp.com>
tel: +44 (0) 117 3128490 (HP telnet 3128490)
Mobile/Cell: +44 (0) 7785 385 314
(From USA for Cell phone dial: 011-44-7785-385-314)
http://www.e-speak.hp.com/  http://www.hp.com/security/

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC