Subject: RE: [security-services] Drafts for review: Kerberos & SAML profiles
Ron Monzillo wrote on 2009-08-26:

> Is it too much of a stretch to view the principal as the name of the
> shared secret that must be known in order to obtain and use a service
> ticket acquired from the kdc?

No, but the suggestion to use ds:KeyName to do so just seems wrong to me, as it provides *no* signal to the relying party that Kerberos is even involved. That's harmful for interoperability, since it means that the implementation has to know some OOB way or just brute force a number of different interpretations of KeyInfo.

It's a lot easier if the implementation knows from either the confirmation method or the KeyInfo structure that Kerberos is required. I'm agnostic about which, while agreeing with Josh that if there are other use cases for profiling/extending KeyInfo to deal with Kerberos, that's a valid argument. But there should be an explicit structural component to key a switch statement or inject pluggable code off of.

Using HoK + ds:KeyName would make Kerberos look identical to an RSA signature combined with a trusted certificate, and that's not a good thing to me.

-- Scott
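The dispatch problem Scott describes, as an added example that is not part of the original message or of any SAML profile: a relying party classifying a holder-of-key SubjectConfirmation from its structure alone. The SAML and XML-DSig namespaces and the holder-of-key method URI are the real ones; the `krb:KerberosPrincipal` element and its namespace are a hypothetical placeholder standing in for the explicit structural marker the thread argues for, and all sample XML is constructed.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
# Hypothetical placeholder: the thread asks for an explicit Kerberos marker
# in KeyInfo but does not define one, so this namespace is invented here.
KRB_PLACEHOLDER = "urn:example:kerberos-keyinfo-placeholder"


def classify_confirmation(xml_text: str) -> str:
    """Return the verification path a relying party can pick from the
    SubjectConfirmation structure alone, with no out-of-band knowledge."""
    sc = ET.fromstring(xml_text)
    if sc.get("Method") != HOK:
        return "not-hok"
    key_info = sc.find(f"{{{SAML}}}SubjectConfirmationData/{{{DS}}}KeyInfo")
    if key_info is None:
        return "hok-missing-keyinfo"
    children = {child.tag for child in key_info}
    if f"{{{KRB_PLACEHOLDER}}}KerberosPrincipal" in children:
        return "kerberos"  # explicit marker: the switch is unambiguous
    if f"{{{DS}}}X509Data" in children:
        return "x509"
    if children == {f"{{{DS}}}KeyName"}:
        # A bare name could be a certificate alias or a Kerberos principal;
        # nothing in the structure says which, so the RP must guess or be
        # configured out of band. This is the case Scott objects to.
        return "ambiguous-keyname"
    return "unknown"


def _confirmation(key_info_body: str) -> str:
    """Build a constructed HoK SubjectConfirmation around a KeyInfo body."""
    return (f'<saml:SubjectConfirmation xmlns:saml="{SAML}" xmlns:ds="{DS}" '
            f'xmlns:krb="{KRB_PLACEHOLDER}" Method="{HOK}">'
            f'<saml:SubjectConfirmationData><ds:KeyInfo>{key_info_body}'
            '</ds:KeyInfo></saml:SubjectConfirmationData></saml:SubjectConfirmation>')


# Constructed samples: same principal name, three different KeyInfo shapes.
KEYNAME_ONLY = _confirmation('<ds:KeyName>host/app.example.com@EXAMPLE.COM</ds:KeyName>')
EXPLICIT_KRB = _confirmation('<krb:KerberosPrincipal>host/app.example.com@EXAMPLE.COM'
                             '</krb:KerberosPrincipal>')
X509_CERT = _confirmation('<ds:X509Data><ds:X509Certificate>MIIB-placeholder'
                          '</ds:X509Certificate></ds:X509Data>')

if __name__ == "__main__":
    for label, doc in (("KeyName only", KEYNAME_ONLY), ("explicit Kerberos", EXPLICIT_KRB),
                       ("X509Data", X509_CERT)):
        print(f"{label}: {classify_confirmation(doc)}")
```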