shibboleth-dev - RE: Shibboleth and ipv6
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: Shibboleth and ipv6
- Date: Wed, 19 Oct 2005 16:48:59 -0400
- Organization: The Ohio State University
> The obvious threat scenario that address checking protects against is
> theft of the bearer assertion from the client machine, with the just as
> obvious reply that if the client machine is compromised in such a way that
> things passing through it can be stolen, then the user has pretty much
> lost the game, regardless of protocols techniques.
No, the threat I worry about is cookie theft, which is much easier. Browsers
don't do a good job of protecting against that, bugs there crop up
constantly. An IP check is an order of magnitude harder to beat than
exploiting the bug of the week in IE is.
-- Scott
- Shibboleth and ipv6, Lukas Haemmerle, 10/14/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/14/2005
- Re: Shibboleth and ipv6, Lukas Haemmerle, 10/18/2005
- Re: Shibboleth and ipv6, Spencer W. Thomas, 10/18/2005
- Re: Shibboleth and ipv6, Lukas Haemmerle, 10/18/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/18/2005
- RE: Shibboleth and ipv6, RL 'Bob' Morgan, 10/19/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/19/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/19/2005
- RE: Shibboleth and ipv6, RL 'Bob' Morgan, 10/19/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/19/2005
- Re: Shibboleth and ipv6, Ian Young, 10/20/2005
- Re: Shibboleth and ipv6, RL 'Bob' Morgan, 10/20/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/19/2005
- RE: Shibboleth and ipv6, RL 'Bob' Morgan, 10/19/2005
- Re: Shibboleth and ipv6, Spencer W. Thomas, 10/18/2005
- Re: Shibboleth and ipv6, Lukas Haemmerle, 10/18/2005
- RE: Shibboleth and ipv6, Scott Cantor, 10/14/2005
Archive powered by MHonArc 2.6.16.