Subject: Re: [security-services] Draft-sstc-sec-consider-03.doc
Chris,

>The attack described in section 3.4 of the document you reference is
>based on two assumptions
>1) The client does not verify certificate chains all the way to a
>trusted CA (in the example attack the malicious party presents a
>self-signed bogus certificate)

The "client" is unfortunately a *human* that just gets a hint that something is not correct but he/she may click "Continue" to ignore. And maybe even select to trust the next time. This is the problem with ad-hoc PKI as Dug correctly points out. This is also probably the weakest spot in SAML, assuming that servers are not too easy to hack into.

>2) The server does not require a verified client certificate.

This is by far the most likely use-case for SAML SSO scenarios as far as I know, assuming the server is the target server in SSO.

Personal opinion: Client-certs in inter-organization activities like extranet authentication will, due to SAML et al., never be of any significance!

rgds
Anders