Subject: RE: Defective sign & encrypt vis-a-vis SAML?
My apologies for sending that link. You can get a PS version at http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.ps or an HTML version at http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html, neither of which require USENIX membership.

--Jeremy

> -----Original Message-----
> From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
> Sent: Friday, July 13, 2001 4:31 PM
> To: 'Jeremy Epstein'; OASIS SSTC List
> Subject: RE: Defective sign & encrypt vis-a-vis SAML?
>
> This paper is restricted to USENIX members. Does anybody know where there is a public copy? (We are probably members, but I am sure it will be a pain to track down whoever knows the password.)
>
> Hal
>
> > -----Original Message-----
> > From: Jeremy Epstein [mailto:jepstein@webmethods.com]
> > Sent: Thursday, July 12, 2001 5:05 PM
> > To: OASIS SSTC List.
> > Subject: Defective sign & encrypt vis-a-vis SAML?
> >
> > I'm sure many of you have heard about Don Davis' moderately controversial paper on defective sign & encrypt in S/MIME, XML Signature, and other standards (see http://www.usenix.org/publications/library/proceedings/usenix01/davis.html for the paper). It's not that the crypto algorithms are broken, it's that they're being used in broken ways that allow surreptitious forwarding, among other things.
> >
> > Has anyone given any thought to the way SAML specifies signing & encrypting of assertions and other stuff? This has been discussed briefly on the XML Encryption list...
> >
> > Or is it too soon to think about such a thing?
> >
> > --Jeremy
> >
> > -----------------------------------------------------------
> > Jeremy Epstein                         voice: 703-460-5852
> > Director, Product Security & Performance FAX: 703-460-5999
> > webMethods, Inc.                       cell: 703-989-8907
> > Fairfax Virginia                       email: jepstein@webMethods.com
> > -----------------------------------------------------------