Skip to Content.
Sympa Menu

shibboleth-dev - Re: [Shibboleth-Announce] Shibboleth 2.0 SP Release Candidate 1

Subject: Shibboleth Developers

List archive

Re: [Shibboleth-Announce] Shibboleth 2.0 SP Release Candidate 1


Chronological Thread 
  • From: Ian Young <>
  • To:
  • Subject: Re: [Shibboleth-Announce] Shibboleth 2.0 SP Release Candidate 1
  • Date: Mon, 04 Feb 2008 16:36:23 +0000
  • Openpgp: id=EA2882BB

Lukas Haemmerle wrote:

This could be useful in our case
when we want to verify the possession of an SPs private key before we
let somebody embed e.g. a self-signed certificate.

Can I ask what value you expect that requirement to bring? We tried to think this through for the UK, and we couldn't see that anything bad (other than non-functionality) would happen if someone handed us the wrong public key... certainly no security issues that we could think of.

The following paper, for example, seems to come to the same conclusion:

http://middleware.internet2.edu/pki03/presentations/10.pdf

I'm wondering whether you've noticed something we didn't...

-- Ian



Archive powered by MHonArc 2.6.16.

Top of Page