shibboleth-dev - Re: Tomcat and certificate validation for SSL
Subject: Shibboleth Developers
List archive
- From: Tom Scavo <>
- To: Chad La Joie <>
- Cc:
- Subject: Re: Tomcat and certificate validation for SSL
- Date: Tue, 14 Jun 2005 07:25:42 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Io2K5dqX3885gXqDcEBA0FqgCPtyVaU4iaOwxbLcZupTZ3jXqE/160CFWjxH4pxZluPEznXsAB7dWVkPu1HkTEY6SDPevedLHBDz5GMbd+bs/+vRWLZNXWJw/mqjqFNCZqn2lD4VlJIjgeNiXHxYiV6KGhYbIyWC4tJSJ/8vm9o=
On 6/13/05, Chad La Joie
<>
wrote:
>
> Here's my question though, if we just pass the client-cert auth
> employing request on, with the SSL info in the appropriate headers, for
> the IdP to verify are we weakening the security that people expect from
> the client-cert authentication? Also, are the headers that we're
> placing this data in defined in a standard (HTTPS standard perhaps)?
>
> My only concern with all this is portability to other containers.
Have you considered message-level security instead? Admittedly this
is substituting one non-standard approach for another but WS-Security
is inevitable, is it not?
Tom
- Tomcat and certificate validation for SSL, Chad La Joie, 06/13/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/13/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/13/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/13/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/13/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/13/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Howard Gilbert, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Howard Gilbert, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/13/2005
Archive powered by MHonArc 2.6.16.