OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Possible 1.1 (and 1.0) errata

It's been pointed out during review of the latest Liberty documents that the
part in SAML about identifier uniqueness is overstated based on the intent.
If the point is to use a SHA1 hash, then the actual collision probability in
the spec language should be <= 2^-80 instead of < 2^-160

Liberty had the same language and it was copied from SAML, so I figured I'd
mention it.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]