Shibboleth Developers

[Ian Young <>]

Scott Cantor wrote:

> > Can I ask what value you expect that requirement to bring?  We tried to
> > think this through for the UK, and we couldn't see that anything bad
> > (other than non-functionality) would happen if someone handed us the
> > wrong public key... certainly no security issues that we could think of.
>
> I'm not sure I follow. If the key's wrong, then the attacker who substituted
> his own public key can decrypt anything sent to that SP and will be able to
> authenticate as that SP. (Presumably attacking the key is accompanied by
> other protocol attacks, otherwise you're not likely to get much.)

Sorry, I missed out my assumption that you'd be authenticating the 
*source* of the public key.  Obviously if you don't do that you're in 
trouble.  The question is whether if you *are* authenticating the source 
of the public key, adding PoP on top gives you anything you need (in the 
context of people handing a federation operator a public key to be 
embedded in metadata).

        -- Ian