shibboleth-dev - Re: testing the one-hop validation scenario
Subject: Shibboleth Developers
List archive
- From: Derek Atkins <>
- To: "RL 'Bob' Morgan" <>
- Cc: Shibboleth Design Team <>
- Subject: Re: testing the one-hop validation scenario
- Date: 30 May 2003 20:16:26 -0400
Ahh, thanks. Too many trust-lists...
-derek
"RL 'Bob' Morgan"
<>
writes:
> > I wonder, with the new trust/sites metadata formats, what's the
> > "calist" used for anymore?
>
> It's for validating the server cert sent by the AA via https when doing
> the attribute fetch. It suffers from the "all CAs trusted for everything"
> problem, but this is less of a risk for this communication.
>
> - RL "Bob"
>
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
PGP key available
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- testing the one-hop validation scenario, RL 'Bob' Morgan, 05/30/2003
- Re: testing the one-hop validation scenario, RL 'Bob' Morgan, 05/30/2003
- Re: testing the one-hop validation scenario, Derek Atkins, 05/30/2003
- Re: testing the one-hop validation scenario, RL 'Bob' Morgan, 05/30/2003
- Re: testing the one-hop validation scenario, Derek Atkins, 05/30/2003
- Re: testing the one-hop validation scenario, RL 'Bob' Morgan, 05/30/2003
Archive powered by MHonArc 2.6.16.