OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [security-services] Draft-sstc-sec-consider-03.doc

May I ask the SAML-members why Dug Song's attack on HTTPS does
no apply to SAML?



----- Original Message ----- 
From: "Chris McLaren" <cmclaren@netegrity.com>
To: "'oasis sstc'" <security-services@lists.oasis-open.org>
Sent: Wednesday, January 09, 2002 21:46
Subject: [security-services] Draft-sstc-sec-consider-03.doc

Here's the latest, incorporating the following:

1) Eve's changes
2) My changes in response to Eve's comments
3) Comments and changes from Prateek
4) Filling in my TBDs
5) Added a section on Key Management (background on the limitations of
security based on key-to-identity binding strength)
6) Added a Privacy section. This is basically a comment that you should
keep private things confidential combined with a section on anonymity
that is based pretty heavily on Marlena's notes to the list.

I am looking forward to comments and additional text from everyone, as
they review the document. 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC