OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Groups - sstc-saml-bindings-2.0-draft-10.pdf uploaded

Per lines 692-694, a recommendation for not less than 8 pseudorandom bytes
within a 20-byte MessageHandle seems somewhat short relative to contemporary
crypto practice, also noting the Security Considerations statement at line
772 that the binding relies on the property of the artifact being a
hard-to-forge short-term reference.  Since the MessageHandle is effectively
a form of shared secret, I'd suggest recommending pseudorandomness to the
112-bit or 128-bit level, rather than 64-bit.  Would this create a problem
for anyone?


-----Original Message-----
From: cantor.2@osu.edu [mailto:cantor.2@osu.edu]
Sent: Saturday, May 08, 2004 4:18 PM
To: security-services@lists.oasis-open.org
Subject: [security-services] Groups -
sstc-saml-bindings-2.0-draft-10.pdf uploaded

The document sstc-saml-bindings-2.0-draft-10.pdf has been submitted by Scott
Cantor (cantor.2@osu.edu) to the OASIS Security Services TC document

Document Description:
Combined SAML and ID-FF artifact formats into a single proposed type 04.

Download Document:  

View Document Details:

PLEASE NOTE:  If the above links do not work for you, your email application
may be breaking the link into two pieces.  You may be able to copy and paste
the entire link address into the address field of your web browser.

To unsubscribe from this mailing list (and be removed from the roster of the
OASIS TC), go to

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]