OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] holder-of-key subject confirmation


> My reading of the XMLDSig spec is that if just the SubjectName appears in
> the KeyInfo, that's the only data that needs to match (of course, the RP
> probably still wants to ensure that the certificate's authority is
trusted)
> and the behavior (of accepting C2 or C1 since both have the same Subject
> and that's all that's referenced in the KeyInfo) is how it should work
> without the need for a profile.

The problem is that there are implementation-specific or deployment-specific
elements to this, such as a model in which all certificates have to be known
via a directory and so presenting one with the right name but that doesn't
match the key "known" to belong to that subject would be rejected. That's a
perfectly legal implementation that would happen to use these syntax
elements, which is why I'm trying to advise caution about any use case
involving key references.

I'm trying to think of this purely from a specification point of view, and
not an actual use case, in which any or all of that might be irrelevant or
seem silly and pedantic. The spec is quite clear that any element of KeyInfo
is there to identify a key, with no prejudice implied. Any plausible means
of connecting a KeyInfo to the key presented is absolutely legal IMHO.

So there's really no way to guarantee what any particular implementation
will do because the guy who wrote it was making choices that might seem
crazy to somebody else, too limiting, or even too expansive.

-- Scott




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]