shibboleth-dev - RE: [Shibboleth-Announce] Shibboleth 2.0 SP Release Candidate 1

Subject: Shibboleth Developers

  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: [Shibboleth-Announce] Shibboleth 2.0 SP Release Candidate 1
  • Date: Mon, 4 Feb 2008 12:00:11 -0500
  • Organization: The Ohio State University

> Can I ask what value you expect that requirement to bring? We tried to
> think this through for the UK, and we couldn't see that anything bad
> (other than non-functionality) would happen if someone handed us the
> wrong public key... certainly no security issues that we could think of.

I'm not sure I follow. If the key's wrong, then the attacker who substituted
his own public key can decrypt anything sent to that SP and will be able to
authenticate as that SP. (Presumably attacking the key is accompanied by
other protocol attacks, otherwise you're not likely to get much.)

> The following paper, for example, seems to come to the same conclusion:
>
> http://middleware.internet2.edu/pki03/presentations/10.pdf

Well, like most PKI papers, it reads like a sort of tautology. "If world ==
perfect, then something works this way."

It says that PoP is useless unless the protocol using the key later has
flaws. Most protocols have flaws, not because they're broken but because
they have to live within constraints.

It also seems to be saying that it's impractical to imagine somebody
plugging in their own public key during "enrollment" because they'd likely
have access to the whole keystore and could just steal the private key. This
may make sense in a world of CA enrollment, but not in the SAML domain.

-- Scott




