shibboleth-dev - RE: Tomcat and certificate validation for SSL
Subject: Shibboleth Developers
List archive
- From: "Alistair Young" <>
- To: "Scott Cantor" <>
- Cc:
- Subject: RE: Tomcat and certificate validation for SSL
- Date: Tue, 14 Jun 2005 21:44:58 +0100 (BST)
- Importance: Normal
> There is no interoperable way to do the encryption
what about just signing the Request then? and letting tls continue to
handle the confidentiality? without client-auth, as the validation is done
at the message level?
Alistair
--
Alistair Young
Senior Software Engineer
UHI@Sabhal
Mòr Ostaig
Isle of Skye
Scotland
>> Perhaps I'm not understanding the problem enough (probably) but would it
>> help if the SP signed SAML Requests? Then it's client cert ends up in
>> the
>> SAML request and can be extracted by the AA and validated. TLS can still
>> handle the wire, though it too could be binned if message-level
>> encryption
>> was used.
>
> There is no interoperable way to do the encryption until 2.0, and we'd
> also
> have to add replay detection/caching to prevent replay attacks.
>
> -- Scott
>
>
- Re: Tomcat and certificate validation for SSL, (continued)
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Howard Gilbert, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Howard Gilbert, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Walter Hoehn, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
Archive powered by MHonArc 2.6.16.