[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Minutes for SSTC Telecon (18 Oct 2011)
On 10/21/11 7:12 AM, "Massimiliano Masi" <massimiliano.masi@tiani-spirit.com> wrote: > >and here the public link: Thanks for finding that! >opening etc. The error messages returned to the MITM are meaningful so >that, >the MITM, can guess with high probability to have produced a well formed >ciphertext (w.r.t. their definition of ``well formed''ness). Unfortunately it's not just error messages (that's easy to prevent), it's also a timing attack. >It is more or less related to the assumptions to sign before encrypt, >encrypt-before-sign, sign-before-encrypt-than-sign again. SAML unfortunately followed the advice of the industry and encouraged sign before encrypt, and that's turned out to be a mistake. I think we will have to rectify that in errata. A fix in many scenarios is going to be to start signing responses instead of assertions, but that's a disruptive change since the relying party has to enforce that. >What I see very interesting (and I don't see any countermeasures on that) >are the links in the ``countermeasures'' section, to kind of XML Rewrite >Attacks[1] >and what they call XML Encryption wrapping, in which the MITM can change >the >structure of the soap message to have the signature validation useless. Maybe for web services, but that's not a SAML problem. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]