[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Groups - sstc-saml-bindings-2.0-draft-10.pdf uploaded
Per lines 692-694, a recommendation for not less than 8 pseudorandom bytes within a 20-byte MessageHandle seems somewhat short relative to contemporary crypto practice, also noting the Security Considerations statement at line 772 that the binding relies on the property of the artifact being a hard-to-forge short-term reference. Since the MessageHandle is effectively a form of shared secret, I'd suggest recommending pseudorandomness to the 112-bit or 128-bit level, rather than 64-bit. Would this create a problem for anyone? --jl -----Original Message----- From: cantor.2@osu.edu [mailto:cantor.2@osu.edu] Sent: Saturday, May 08, 2004 4:18 PM To: security-services@lists.oasis-open.org Subject: [security-services] Groups - sstc-saml-bindings-2.0-draft-10.pdf uploaded The document sstc-saml-bindings-2.0-draft-10.pdf has been submitted by Scott Cantor (cantor.2@osu.edu) to the OASIS Security Services TC document repository. Document Description: Combined SAML and ID-FF artifact formats into a single proposed type 04. Download Document: http://www.oasis-open.org/apps/org/workgroup/security/download.php/6679/sstc -saml-bindings-2.0-draft-10.pdf View Document Details: http://www.oasis-open.org/apps/org/workgroup/security/document.php?document_ id=6679 PLEASE NOTE: If the above links do not work for you, your email application may be breaking the link into two pieces. You may be able to copy and paste the entire link address into the address field of your web browser. To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave _workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]