shibboleth-dev - Re: [Shib-Dev] [IdPv3] Security Config and Options

Subject: Shibboleth Developers

List archive

Re: [Shib-Dev] [IdPv3] Security Config and Options

From: Etienne Dysli <>
To:
Subject: Re: [Shib-Dev] [IdPv3] Security Config and Options
Date: Thu, 19 Aug 2010 14:40:42 +0200

On 06/08/10 13:46, Chad La Joie wrote:
> - Expose configuration options to control crypto algorithms used
> when signing and encrypting (e.g. using AES256 in signatures).
> Currently the IdP uses the lowest common denominator for each option.
> This was mentioned in previous email as well.
>
> - Expose configuration options that allow certain crypto algorithms
> to be blacklisted such that they will not be accepted if the SP uses
> them. This allows the IdP deployer to "ban" algorithms that they feel
> are too weak.

Good points. I love getting rid of the weaker ciphers were I can.

Regards,
Etienne

Attachment: signature.asc
Description: OpenPGP digital signature

Re: [Shib-Dev] [IdPv3] Security Config and Options, (continued)
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
  - Re: [Shib-Dev] [IdPv3] Security Config and Options, Chad La Joie, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
  - Re: [Shib-Dev] [IdPv3] Security Config and Options, Chad La Joie, 08/06/2010
    - Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
      - Re: [Shib-Dev] [IdPv3] Security Config and Options, Chad La Joie, 08/06/2010
      - Re: [Shib-Dev] [IdPv3] Security Config and Options, Peter Schober, 08/06/2010
        
        Re: [Shib-Dev] [IdPv3] Security Config and Options, Lukas Haemmerle, 08/06/2010
        
        RE: [Shib-Dev] [IdPv3] Security Config and Options, Scott Cantor, 08/06/2010
- Re: [Shib-Dev] [IdPv3] Security Config and Options, Etienne Dysli, 08/19/2010
  - Re: [Shib-Dev] [IdPv3] Security Config and Options, Chad La Joie, 08/19/2010

List archive

Re: [Shib-Dev] [IdPv3] Security Config and Options