OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] Draft-sstc-sec-consider-03.doc

The attack described in section 3.4 of the document you reference is
based on two assumptions

1) The client does not verify certificate chains all the way to a
trusted CA (in the example attack the malicious party presents a
self-signed bogus certificate)
2) The server does not require a verified client certificate.

All key-based systems are open to this kind of attack, but we do address
both of these assumptions in the document.

Assumption 1 is addressed in the new section on Key Management wherein
it is noted that these systems really need to check both the correctness
of the key, and the correctness/currentness of the key-to-identity
binding (which can involved full cert chain verification or reference at
a local store of assigned keys, either of which would cause assumption 1
to fail).

Assumption 2 is addressed in our definition of , and requirement for,
bilateral authentication. When the bilateral authentication requirement
is mentioned in the document, it is mentioned that SSL/TLS with client
certificates required, meets this requirement. So the client must supply
a verifiable certificate, which causes assumption 2 to fail.


> -----Original Message-----
> From: Anders Rundgren [mailto:anders.rundgren@telia.com] 
> Sent: Wednesday, January 09, 2002 5:16 PM
> To: cmclaren@netegrity.com; 'oasis sstc'
> Subject: Re: [security-services] Draft-sstc-sec-consider-03.doc
> May I ask the SAML-members why Dug Song's attack on HTTPS does
> no apply to SAML?


----- Original Message ----- 
From: "Chris McLaren" <cmclaren@netegrity.com>
To: "'oasis sstc'" <security-services@lists.oasis-open.org>
Sent: Wednesday, January 09, 2002 21:46
Subject: [security-services] Draft-sstc-sec-consider-03.doc

Here's the latest, incorporating the following:

1) Eve's changes
2) My changes in response to Eve's comments
3) Comments and changes from Prateek
4) Filling in my TBDs
5) Added a section on Key Management (background on the limitations of
security based on key-to-identity binding strength)
6) Added a Privacy section. This is basically a comment that you should
keep private things confidential combined with a section on anonymity
that is based pretty heavily on Marlena's notes to the list.

I am looking forward to comments and additional text from everyone, as
they review the document. 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC