[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: URI security problems
> > It is true that hashing the entire name assertion would make > binding even stronger > but it looks like overkill to me. Why bother to sign the > name assertion in the first > place if you can't trust such a in basic cryptographic operation? > Hi Anders, In my opinion, a linkage scheme based on hashing the object to generate its ID is better, because it imposes fewer requirements on issuers and makes the scheme more robust. You can't accidently reuse your own or somebody elses ID, unless the hash has collided. It also serves as an additional check on the integrity of the linkage (incase you have accidently trusted a "bad" issuer generating IDs that are being used by another issuer). The latter may be important if you have many trust relationships. Regards, Nigel.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC