OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [saml-dev] Web Server Certificates

Thank you for the offer. The goal is to obtain certificates that are in chains which link to the roots ALREADY installed in the two specified browsers (IE 6.0 and Netscape 6.2) so as to avoid having to import trust roots into browsers being used in the demo. Most of us are perfectly capable of issuing certs rooted somewhere.
It is not clear to me whether or not your organization can do this.
-----Original Message-----
From: Ken Graf [mailto:ken@securityxing.com]
Sent: Tuesday, May 14, 2002 11:05 AM
To: 'Hal Lockhart'
Cc: Irving.Reid@baltimore.com; 'Carlisle Adams'; rphilpott@rsasecurity.com; abrown@verisign.com; mshilts@verisign.com
Subject: RE: [saml-dev] Web Server Certificates



If you want a vendor independent set of certificates, my organization can volunteer.


Security Crossing is willing to provide the following:

1)       A signing CA, will the sole function of providing SSL certificates for the Burton demonstration.

2)       PKCS10 and PEM based certification and revocation requests via email.

3)       Internet publication of the root certificate and a CRL covering the demonstration period.


On this list I only know Hal personally, but I believe I know someone in management at every organization on this email that with attest to my ability to fulfill this need and remain independent.


Please let me know if you are interested.


Thank you, Ken.


-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Tuesday, May 14, 2002 10:14 AM
To: saml-dev@lists.oasis-open.org
Cc: 'Irving.Reid@baltimore.com'; 'Carlisle Adams'; 'rphilpott@rsasecurity.com'; 'abrown@verisign.com'; 'mshilts@verisign.com'
Subject: [saml-dev] Web Server Certificates


The Interop spec currently says:


Browser: users will access URLs protected by SSL. Please check to see that the recommended browsers (type and version number) trust the certificate root for the certificate you plan to use to secure your https URLs.

Since several of the organizations involved in this demo own the roots in question,  (at least: Baltimore, Entrust?, RSA and Verisign) is somebody willing to act as a sponsor and issue short lived SSL server certificates for the purpose of this demo. I am sure the Burton Group would agree to some signage on the order of "certificates provided by...". It might be a good way to remind people that SAML builds on other security mechanisms, it does not replace them.


How about it guys? Any takers?



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC