[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] holder-of-key subject confirmation
> My reading of the XMLDSig spec is that if just the SubjectName appears in > the KeyInfo, that's the only data that needs to match (of course, the RP > probably still wants to ensure that the certificate's authority is trusted) > and the behavior (of accepting C2 or C1 since both have the same Subject > and that's all that's referenced in the KeyInfo) is how it should work > without the need for a profile. The problem is that there are implementation-specific or deployment-specific elements to this, such as a model in which all certificates have to be known via a directory and so presenting one with the right name but that doesn't match the key "known" to belong to that subject would be rejected. That's a perfectly legal implementation that would happen to use these syntax elements, which is why I'm trying to advise caution about any use case involving key references. I'm trying to think of this purely from a specification point of view, and not an actual use case, in which any or all of that might be irrelevant or seem silly and pedantic. The spec is quite clear that any element of KeyInfo is there to identify a key, with no prejudice implied. Any plausible means of connecting a KeyInfo to the key presented is absolutely legal IMHO. So there's really no way to guarantee what any particular implementation will do because the guy who wrote it was making choices that might seem crazy to somebody else, too limiting, or even too expansive. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]