shibboleth-dev - Re: [Shib-Dev] [IdPv3] Security Config and Options
Subject: Shibboleth Developers
List archive
- From: Peter Schober <>
- To:
- Subject: Re: [Shib-Dev] [IdPv3] Security Config and Options
- Date: Fri, 6 Aug 2010 15:53:39 +0200
- Organization: Vienna University Computer Center
* Lukas Haemmerle
<>
[2010-08-06 15:48]:
> So, do you think will it be enabled in the default config?
As Scott mentioned, signing outgoing requests exposes the SP itself to
trivial DoS attacks because every unauthenticated HTTP request will
result in a signing operation on the SP (and SPs usually don't have
HSMs).
So the safe choice is probably to default both to off (no signing of
requests on the SP, no skipping of ACS URL checking even for signed
requests on the IdP).
-peter
- [Shib-Dev] [IdPv3] Security Config and Options, Chad La Joie, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Chad La Joie, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Chad La Joie, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Chad La Joie, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Chad La Joie, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Peter Schober, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
- RE: [Shib-Dev] [IdPv3] Security Config and Options, Scott Cantor, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Chad La Joie, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Etienne Dysli, 08/19/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Chad La Joie, 08/19/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
Archive powered by MHonArc 2.6.16.