
security-services message



Subject: RE: Web-browser Binding Vulnerabilities + "Cures"


> I don't disagree one single bit on that, although the work to do the
> URL snatcher is very limited compared to breaking into a browser
> session and stealing keys.

This type of argument has not had validity for many years, because clever
people now write tools that any idiot can use. Witness the death of
Undernet.

> I absolutely think we should proceed with the use cases which I still
> lack any comments on!  See posting "Use cases revisited" which refers
> to case #1.

I went back to that message and this is what it says:

> The use-case is simply scalable e-business with a multitude of
> partners, where the relations may be rather short-lived, the interest
> in performing mutual configurations minimal, and even trust be
> relatively limited.  "Normal" business in my opinion.

I am not surprised there are no comments. This is not a use case. What are
the parties? What is the configuration? What messages need to pass from where
to where, for what purpose?

I suggest you draft some text and preferably a diagram, along the lines of
what appears in the S2ML document and send it to the usecase/requirements
group.

I am also curious about what you mean by challenge/response. Are you
referring to a particular protocol or the use of the general technique of
challenge/response?

Hal

