shibboleth-dev - RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?
Subject: Shibboleth Developers
List archive
- From: Jim Fox <>
- To: Scott Cantor <>
- Cc:
- Subject: RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?
- Date: Sun, 10 Aug 2008 11:27:55 -0700 (PDT)
Let me put it this way. If we have to think about this
non-trivially, it's the wrong approach.
Possibly we can stop overdesigning this thing. The whole point was
to give some uniqueness to infocard's broken PPID. Adding a hash
of the card's public key accomplishes that. The only reason the
original PPID might not be unique is that it is a bearer item, and
could be stolen and reused. The only way the PPID can be discovered
is with the compromise of the user's system or the server's system.
Either way any little bit of security has been lost.
We don't even know that the key hash is even beneficial.
If I export a card to another system, the PPID might
stay the same, but will the public key? I don't see where
that's guaranteed. The system might be more useful without
it and no more secure with it.
My inclination is to drop the public key - hash and all.
If the PPID is important to the service, then the service
can protect it.
Jim
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Jim Fox, 08/08/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Scott Cantor, 08/08/2008
- Message not available
- Re: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Tom Scavo, 08/08/2008
- Re: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Scott Cantor, 08/09/2008
- Re: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Tom Scavo, 08/09/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Scott Cantor, 08/09/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Peter Williams, 08/09/2008
- Re: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Tom Scavo, 08/09/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Peter Williams, 08/09/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Scott Cantor, 08/09/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Jim Fox, 08/10/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Scott Cantor, 08/10/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Jim Fox, 08/11/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Scott Cantor, 08/11/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Jim Fox, 08/11/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Scott Cantor, 08/11/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Peter Williams, 08/09/2008
- RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Scott Cantor, 08/09/2008
- Re: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Tom Scavo, 08/09/2008
- Re: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Scott Cantor, 08/09/2008
- Re: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Tom Scavo, 08/08/2008
- Message not available
- Re: [Shib-Dev] how to deliver personal infocard keyinfo to app?, Joana M. F. Trindade, 08/09/2008
Archive powered by MHonArc 2.6.16.