OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Minutes for SSTC Telecon (18 Oct 2011)


Il giorno 21/ott/2011, alle ore 16:11, Cantor, Scott ha scritto:
>> opening etc. The error messages returned to the MITM are meaningful so
>> that,
>> the MITM, can guess with high probability to have produced a well formed
>> ciphertext (w.r.t. their definition of ``well formed''ness).
> Unfortunately it's not just error messages (that's easy to prevent), it's
> also a timing attack.

Yes, that's true. But these attacks are really hard to prevent, AFAIK. 
Most of the attacks to crypto systems based on oracles, are suffering 
from timing problems. Do you think that the paper from Bochum is suggesting
timing attacks of another kind?

> Maybe for web services, but that's not a SAML problem.

Yes, that's true. It's a problem of WS-Security, when it is carrying the SAML

Massimiliano Masi

Tiani "Spirit" GmbH
Guglgasse 6
Gasometer A
1110 Vienna

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]