[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] Draft-sstc-sec-consider-03.doc
May I ask the SAML-members why Dug Song's attack on HTTPS does no apply to SAML? http://www.monkey.org/~dugsong/dsniff/faq.html Anders ----- Original Message ----- From: "Chris McLaren" <cmclaren@netegrity.com> To: "'oasis sstc'" <security-services@lists.oasis-open.org> Sent: Wednesday, January 09, 2002 21:46 Subject: [security-services] Draft-sstc-sec-consider-03.doc Here's the latest, incorporating the following: 1) Eve's changes 2) My changes in response to Eve's comments 3) Comments and changes from Prateek 4) Filling in my TBDs 5) Added a section on Key Management (background on the limitations of security based on key-to-identity binding strength) 6) Added a Privacy section. This is basically a comment that you should keep private things confidential combined with a section on anonymity that is based pretty heavily on Marlena's notes to the list. I am looking forward to comments and additional text from everyone, as they review the document. C.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC