OASIS Mailing List Archives

security-services message


Subject: Re: [security-services] Minutes for SSTC Telecon (18 Oct 2011)

On 10/21/11 7:12 AM, "Massimiliano Masi"
<massimiliano.masi@tiani-spirit.com> wrote:
>and here the public link:

Thanks for finding that!

>opening etc. The error messages returned to the MITM are meaningful, so
>the MITM can guess with high probability to have produced a well-formed
>ciphertext (w.r.t. their definition of "well-formed"-ness).

Unfortunately it's not just error messages (that's easy to prevent), it's
also a timing attack.

>It is more or less related to the assumptions to sign-before-encrypt,
>encrypt-before-sign, sign-before-encrypt-then-sign-again.

SAML unfortunately followed the advice of the industry and encouraged sign
before encrypt, and that's turned out to be a mistake. I think we will
have to rectify that in errata. A fix in many scenarios is going to be to
start signing responses instead of assertions, but that's a disruptive
change since the relying party has to enforce that.

>What I see as very interesting (and I don't see any countermeasures for
>that) are the links in the "countermeasures" section to a kind of XML
>Rewrite and what they call XML Encryption wrapping, in which the MITM can
>change the structure of the SOAP message to render signature validation
>useless.

Maybe for web services, but that's not a SAML problem.

-- Scott
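The following is an added illustration of the sign-before-encrypt problem the thread discusses; it is not code from this list, from the SAML specification or from any OASIS project. It models the two placements of a signature around a CBC-encrypted element: the signature inside the ciphertext (sign-before-encrypt, as SAML 2.0 encouraged) and the signature over the ciphertext (encrypt-then-sign, the "sign the Response instead of the Assertion" fix). Assumptions, all hypothetical: a 4-round Feistel permutation stands in for AES so the code runs offline (the attack does not depend on the block cipher), HMAC-SHA256 stands in for an XML Signature, the keys, IV and sample assertion are constructed, and the recipient's leak is modelled as a distinguishable "padding error" return value. A MITM that can submit modified ciphertexts recovers the whole encrypted assertion from the inner-signed recipient, and gets nothing from the outer-signed one because the signature check runs before decryption.

```python
import hashlib
import hmac

BLOCK = 16
# Fixed, constructed keys and IV so the run is repeatable (hypothetical values)
KEY, SIG_KEY, IV = b"K" * 16, b"S" * 16, bytes(range(16))
ASSERTION = b'<saml:Assertion ID="_a1">secret-subject</saml:Assertion>'  # constructed sample


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, blk):
    # 4-round Feistel permutation on 16-byte blocks: a stand-in for AES so the
    # example runs offline; the oracle attack below is independent of the cipher
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r


def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r


def pad(data):  # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)


def sign(sig_key, data):
    # HMAC stands in for an XML Signature; the placement, not the primitive, is the point
    return hmac.new(sig_key, data, hashlib.sha256).digest()


def inner_signed_recipient(iv, ct):
    """Sign-before-encrypt: the signature is inside the ciphertext, so the recipient
    must decrypt and unpad before it can verify anything. The two distinguishable
    failures below are exactly the oracle a MITM needs."""
    try:
        body = unpad(cbc_decrypt(KEY, iv, ct))
    except ValueError:
        return "padding error"
    if not hmac.compare_digest(sign(SIG_KEY, body[:-32]), body[-32:]):
        return "signature error"
    return "ok"


def outer_signed_recipient(iv, ct, tag):
    """Encrypt-then-sign: the signature covers IV||ciphertext and is checked
    first, so a modified ciphertext never reaches the decryptor."""
    if not hmac.compare_digest(sign(SIG_KEY, iv + ct), tag):
        return "signature error"
    try:
        unpad(cbc_decrypt(KEY, iv, ct))
    except ValueError:
        return "padding error"
    return "ok"


def recover_block(oracle, prev, target):
    """Padding-oracle recovery of one plaintext block: send `target` behind a forged
    IV and learn block_decrypt(target) byte by byte from the padding-error answers."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        padval = BLOCK - pos
        for guess in range(256):
            forged = bytearray(BLOCK)
            forged[pos] = guess
            for j in range(pos + 1, BLOCK):
                forged[j] = inter[j] ^ padval
            if oracle(bytes(forged), target) == "padding error":
                continue
            if pos == BLOCK - 1:
                # rule out a longer valid padding (e.g. 02 02) masquerading as 01
                forged[pos - 1] ^= 0xFF
                if oracle(bytes(forged), target) == "padding error":
                    continue
            inter[pos] = guess ^ padval
            break
    return xor(inter, prev)


def attack(oracle, iv, ct):
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(recover_block(oracle, blocks[i - 1], blocks[i]) for i in range(1, len(blocks)))


def sign_then_encrypt_is_broken():
    signed = ASSERTION + sign(SIG_KEY, ASSERTION)
    ct = cbc_encrypt(KEY, IV, pad(signed))
    return attack(inner_signed_recipient, IV, ct) == pad(signed)


def encrypt_then_sign_resists():
    ct = cbc_encrypt(KEY, IV, pad(ASSERTION))
    tag = sign(SIG_KEY, IV + ct)  # the MITM can only replay the genuine outer tag
    return attack(lambda iv, blk: outer_signed_recipient(iv, blk, tag), IV, ct) != pad(ASSERTION)
```

This models only the error-message side of the oracle. Collapsing both failures into one generic error does not close the inner-signed path by itself: the recipient still decrypts, unpads and only then fails, so the two branches still take different amounts of work, which is the timing variant Scott mentions. Checking an outer signature before touching the ciphertext removes both channels at once, which is why signing the Response is the structural fix rather than quieter error handling.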
