shibboleth-dev - Re: Encryption key strategies

Subject: Shibboleth Developers

List archive

Re: Encryption key strategies

From: Chad La Joie <>
To:
Subject: Re: Encryption key strategies
Date: Thu, 22 Jun 2006 08:51:04 -0400

Tom Scavo wrote:

On 6/22/06, Scott Cantor
<>
wrote:

I asked around a little and determined that in SAML (or Liberty) land,
nobody's pushing much beyond per-message keys.

Is it reasonable to extend this beyond a single message and think
about per-transaction keys? The responder, for example, might reuse a
symmetric key in the request to encrypt a portion of the response.
For example, the responder might reuse a key that was used to encrypt
the NameID in the request to encrypt an assertion in the response.

In theory I think this is possible, but it gets back to the question of interoperability that Scott mentioned. To the best of my knowledge, there isn't any spec for how to do this.

--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124

Encryption key strategies, Scott Cantor, 06/21/2006
- Re: Encryption key strategies, Jim Fox, 06/22/2006
  - RE: Encryption key strategies, Scott Cantor, 06/22/2006
    - Re: Encryption key strategies, Tom Scavo, 06/22/2006
      - Re: Encryption key strategies, Chad La Joie, 06/22/2006
        
        Re: Encryption key strategies, Tom Scavo, 06/22/2006
        
        Re: Encryption key strategies, Chad La Joie, 06/22/2006
        
        Re: Encryption key strategies, Tom Scavo, 06/22/2006
        Re: Encryption key strategies, Chad La Joie, 06/22/2006
        Re: Encryption key strategies, Tom Scavo, 06/22/2006
        RE: Encryption key strategies, Scott Cantor, 06/22/2006
        Re: Encryption key strategies, Tom Scavo, 06/22/2006
        RE: Encryption key strategies, Scott Cantor, 06/22/2006
        RE: Encryption key strategies, Jim Fox, 06/22/2006
        RE: Encryption key strategies, Scott Cantor, 06/22/2006

List archive

Re: Encryption key strategies