Subject: RE: [security-services] DDDS RFCs, Liberty and SAML Metadata exchange protocol

> Is DNSSEC relevant to this work?
> Is there an issue with DNS security and site spoofing?
> Does the DDDS/NAPTR material address such concerns?

There are places in the Liberty spec that mention DNSSEC and have some SHOULDs around using it and validating the metadata location with it and such. I'm much less clear on the ins and outs of it, as opposed to the use of XML signatures on the metadata itself, which is basically mandatory.

In Shibboleth, we're distributing metadata over HTTP, because the provider of the data is considered irrelevant; only the signature matters. And the signer is really the root of everything at that point.

-- Scott