shibboleth-dev - RE: Tomcat and certificate validation for SSL
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: "'Tom Scavo'" <>, "'Chad La Joie'" <>
- Cc: <>
- Subject: RE: Tomcat and certificate validation for SSL
- Date: Tue, 14 Jun 2005 10:32:56 -0400
- Organization: The Ohio State University
> Have you considered message-level security instead? Admittedly this
> is substituting one non-standard approach for another but WS-Security
> is inevitable, is it not?
SAML 1.1 technically outlaws use of WSS in the SOAP binding, and we don't get
encryption unless we do a lot of non-interoperable
work.
Message authentication per se doesn't require WSS. We could sign at the
protocol layer (and add replay protection, etc, which WSS
also doesn't provide). That still doesn't give us encryption unless we use
SSL anyway, but we could probably get away with server
TLS only. And it's about 10 times as slow.
I think you'd have to be mentally unstable to take that performance hit in
return for not running Apache, which is available and
usually bundled on every platform, and faster to begin with. ;-)
-- Scott
- Re: Tomcat and certificate validation for SSL, (continued)
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Howard Gilbert, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Howard Gilbert, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
Archive powered by MHonArc 2.6.16.