[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] holder-of-key subject confirmation
> As I reread the emails a 2nd time, I find that I technically > agree with the responses that you gave, but to me the > net result of the chain of emails did not clearly explain > where the potential problems were with Tom's scenario. I agree with you on that, I was making several false starts trying to identify what bugged me about the initial suggestion, and why it seemed fishy to me while also trying to argue that, in general, the idea wasn't strictly illegal. I came to the conclusion that, in general, it was insecure, but that in particular situations in which a PKI in place imposed additional constraints on processing, it would be viable. > I did not make any assumptions about the certificates. > As it turned out it is only when Tom introduced the > assumption that RP trusted C2 that the scenario began > to firm up. I agree. > However, Tom introduced C2 to the picture here, again with no > assumptions about C2. Right. I was trying to say, I think you have to make some, but if you made them, it could work. > So, as I initially indicated, I do not think we disagree on the > technical details, but simply have been presenting two > perspectives of how to view the scenario and clarify its > details so that it is more substantive than the initial description > explicitly described. In particular, without applying constraints > to C2, the original description is completely unsafe, imo. I agree with all of that. I just don't think that, whatever the merits of the use case, it quite degenerates to "bearer" in light of the key proof that's still being applied. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]