Subject: Re: [security-services] Please review PE-16 text
On 1/10/12 11:48 AM, "John Bradley" <ve7jtb@ve7jtb.com> wrote:

>Hi Scott,
>In some cases such as SP-800-63 LoA 3 where non-repudiation is required,
>signing the message is probably not enough.

Yes, but we're not tasked to address issues of non-repudiation that arise from other requirements, we just have to secure our profiles.

>Given that it is current practice in the FICAM and other profiles to
>sign then encrypt POST responses we may want to be more explicit that you
>MUST sign the POST message, if the assertion is CBC encrypted.
>Even if the encrypted assertion is already signed.

We can't add MUSTS, this is an errata. A separate conversation is whether we should consider making normative changes if we publish a 2.0.1 refresh of the standard, but I think that's going to be problematic too.

Other profiles on top of SAML are of course able to dictate new MUSTS for things that are SHOULD or MAY in the standard.

>I suspect that people may read:
>Either the <Response> (or the <Assertion> element(s) in the <Response>)
>MUST be signed
>
>To allow just signing inside the encryption.

Absent the issues with encryption, that remains the official profile requirement, and we can't change that in errata. But the new language is explicitly saying that there are concerns about doing that.

I agree with you that the new language doesn't explicitly say that you should sign *both*, because that isn't actually a SAML profile requirement. I don't think it discourages signing both though.

-- Scott
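The concern discussed in this message, as an added example that is not part of the original thread: a structural check that flags a `<Response>` whose `<EncryptedAssertion>` uses a CBC content cipher while the `<Response>` element itself carries no `ds:Signature`. The function names and sample messages are constructed; this is a deployment-side policy check, not a SAML profile requirement, and it does not verify any signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm"


def audit_response(xml_text):
    """Return findings for one captured <samlp:Response> (structure only)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    # Only a ds:Signature that is a direct child of Response covers the whole
    # message; a signature inside the ciphertext is not visible before decryption.
    response_signed = root.find("ds:Signature", NS) is not None
    findings = []
    for i, enc in enumerate(root.findall("saml:EncryptedAssertion", NS), 1):
        # Direct child of EncryptedData is the content cipher; the
        # EncryptionMethod nested under EncryptedKey is key transport.
        method = enc.find("xenc:EncryptedData/xenc:EncryptionMethod", NS)
        alg = method.get("Algorithm", "") if method is not None else ""
        if alg.endswith("-cbc") and not response_signed:
            findings.append(f"EncryptedAssertion #{i}: {alg} with unsigned Response")
    return findings


def sample_response(content_alg, sign_response):
    """Constructed skeleton of a POST-binding Response; no real crypto."""
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    sig = "<ds:Signature/>" if sign_response else ""  # placeholder element
    return (
        f"<samlp:Response {xmlns}>{sig}"
        "<saml:EncryptedAssertion><xenc:EncryptedData>"
        f'<xenc:EncryptionMethod Algorithm="{content_alg}"/>'
        "<ds:KeyInfo><xenc:EncryptedKey><xenc:EncryptionMethod "
        'Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>'
        "</xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData>"
        "<xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue>"
        "</xenc:CipherData></xenc:EncryptedData>"
        "</saml:EncryptedAssertion></samlp:Response>"
    )


if __name__ == "__main__":
    for alg, signed in [(CBC, False), (CBC, True), (GCM, False)]:
        print(alg, signed, audit_response(sample_response(alg, signed)))
```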