shibboleth-dev - Re: Encryption key strategies
Subject: Shibboleth Developers
List archive
- From: "Tom Scavo" <>
- To:
- Subject: Re: Encryption key strategies
- Date: Thu, 22 Jun 2006 09:55:51 -0400
On 6/22/06, Chad La Joie <> wrote:

> You might be able to argue that for this particular profile you could
> imply that the relying party was attempting to indicate that a cached key
> should be used by the lack of the EncryptedData/EncryptedKey element but
> that's hardly a standard for doing it. That's an optional element
> according to the XML-ENC spec so the lack of it could mean anything.

If there is no EncryptedKey element in the request, the responder has
to look elsewhere for the key. Once found, the responder can use this
key to encrypt the response or use another key shared by the two
parties.

Personally, I think it's better to limit the responder's choices to
two (instead of three):

1. Encrypt the response using a new key
2. Encrypt the response using the same key the requester used to
   encrypt the request

I don't see the benefit of switching gears on the requester by using a
different key (unless it's a new key).

Tom
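
The responder behaviour discussed in the message above, as an added example that is not part of the original post or of Shibboleth's code: it checks a request's `EncryptedData` for an inline `EncryptedKey` and then allows only the two response-key choices listed. The function names, the key labels and the `lookup_request_key` callback are assumptions made for illustration, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"xenc": XENC, "ds": DS}

# Constructed sample requests; the CipherValue contents are placeholders.
TEMPLATE = (
    '<xenc:EncryptedData xmlns:xenc="%s" xmlns:ds="%s">%%s'
    "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
    "</xenc:EncryptedData>" % (XENC, DS)
)
WITH_KEY = TEMPLATE % (
    "<ds:KeyInfo><xenc:EncryptedKey><xenc:CipherData>"
    "<xenc:CipherValue>BBBB</xenc:CipherValue>"
    "</xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo>"
)
WITHOUT_KEY = TEMPLATE % ""


def request_key_source(encrypted_data_xml):
    """Say where the responder has to find the key that protects a request."""
    # ElementTree is enough for these constructed samples; parse untrusted
    # messages with a hardened XML parser.
    root = ET.fromstring(encrypted_data_xml)
    if root.tag != "{%s}EncryptedData" % XENC:
        raise ValueError("expected xenc:EncryptedData")
    key_info = root.find("ds:KeyInfo", NS)
    if key_info is not None and key_info.find("xenc:EncryptedKey", NS) is not None:
        return "inline"  # the wrapped key travels inside the request
    # KeyInfo and EncryptedKey are optional in XML-ENC, so their absence
    # signals nothing by itself: the key has to be resolved elsewhere.
    return "elsewhere"


def plan_response(encrypted_data_xml, lookup_request_key, want_new_key):
    """Hypothetical responder policy limited to the two choices in the message.

    Keys are represented by labels only. lookup_request_key is an assumed
    callback that resolves the request key when it is not inline.
    """
    source = request_key_source(encrypted_data_xml)
    request_key = "key-from-request" if source == "inline" else lookup_request_key()
    if request_key is None:
        raise LookupError("cannot determine which key protected the request")
    if want_new_key:
        return (source, "new-key")      # choice 1: a new key
    return (source, request_key)        # choice 2: the requester's own key
```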