Subject: RE: [security-services] Draft-sstc-sec-consider-03.doc
The attack described in section 3.4 of the document you reference is based on two assumptions:

1) The client does not verify certificate chains all the way to a trusted CA (in the example attack the malicious party presents a self-signed bogus certificate).
2) The server does not require a verified client certificate.

All key-based systems are open to this kind of attack, but we do address both of these assumptions in the document.

Assumption 1 is addressed in the new section on Key Management, wherein it is noted that these systems really need to check both the correctness of the key and the correctness/currentness of the key-to-identity binding (which can involve full cert chain verification or reference to a local store of assigned keys, either of which would cause assumption 1 to fail).

Assumption 2 is addressed in our definition of, and requirement for, bilateral authentication. When the bilateral authentication requirement is mentioned in the document, it is mentioned that SSL/TLS with client certificates required meets this requirement. So the client must supply a verifiable certificate, which causes assumption 2 to fail.

C.

> -----Original Message-----
> From: Anders Rundgren [mailto:anders.rundgren@telia.com]
> Sent: Wednesday, January 09, 2002 5:16 PM
> To: cmclaren@netegrity.com; 'oasis sstc'
> Subject: Re: [security-services] Draft-sstc-sec-consider-03.doc
>
> May I ask the SAML-members why Dug Song's attack on HTTPS does
> not apply to SAML?
> http://www.monkey.org/~dugsong/dsniff/faq.html
>
> Anders
>
> ----- Original Message -----
> From: "Chris McLaren" <cmclaren@netegrity.com>
> To: "'oasis sstc'" <security-services@lists.oasis-open.org>
> Sent: Wednesday, January 09, 2002 21:46
> Subject: [security-services] Draft-sstc-sec-consider-03.doc
>
> Here's the latest, incorporating the following:
>
> 1) Eve's changes
> 2) My changes in response to Eve's comments
> 3) Comments and changes from Prateek
> 4) Filling in my TBDs
> 5) Added a section on Key Management (background on the limitations of security based on key-to-identity binding strength)
> 6) Added a Privacy section. This is basically a comment that you should keep private things confidential, combined with a section on anonymity that is based pretty heavily on Marlena's notes to the list.
>
> I am looking forward to comments and additional text from everyone, as they review the document.
>
> C.
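The two defences the reply relies on (the client checking the server's certificate against its own trust store, and the server requiring a verified client certificate) as an added, runnable Go example that is not part of this thread or of the SAML drafts. It assumes self-signed test certificates named "server" and "client" standing in for real identities, and a one-entry certificate pool standing in for the trusted-CA chain or local key store the reply mentions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"time"
)

// selfSigned makes a throwaway self-signed cert for name (constructed test material, not a real CA).
func selfSigned(name string) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}
}
// handshake runs one TLS handshake over loopback: the client trusts only trustSrv (assumption 1 fails)
// and the server requires a client cert matching trustCli (assumption 2 fails); omit cli for no cert.
func handshake(srv tls.Certificate, trustSrv, trustCli *x509.Certificate, cli ...tls.Certificate) error {
	clientRoots, serverRoots := x509.NewCertPool(), x509.NewCertPool()
	clientRoots.AddCert(trustSrv) // one-entry trust stores: the key-to-identity bindings each side honours
	serverRoots.AddCert(trustCli)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{srv},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: serverRoots})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() { // server side: Write completes the handshake and fails if the client cert is rejected
		if c, err := ln.Accept(); err == nil {
			c.Write([]byte("ok"))
			c.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: clientRoots, ServerName: "server", Certificates: cli})
	if err == nil { // server chain accepted; the server's verdict on our cert arrives on the first read
		defer conn.Close()
		_, err = conn.Read(make([]byte, 2))
	}
	return err
}
// Scenarios: bilateral auth (nil), a bogus self-signed server cert with the right name (the webmitm case), no client cert.
func Scenarios() (bilateral, bogusServer, noClientCert error) {
	srv, cli, bogus := selfSigned("server"), selfSigned("client"), selfSigned("server")
	return handshake(srv, srv.Leaf, cli.Leaf, cli), handshake(bogus, srv.Leaf, cli.Leaf, cli), handshake(srv, srv.Leaf, cli.Leaf)
}
```

Only the first result of Scenarios() is nil; the bogus certificate carries the right name, so it is the missing trust path, not the name, that stops it.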