Shibboleth Developers

[Chad La Joie <>]

Yeah, but you need to be careful.  There are products out there that 
simply can't handle anything but the weakest of options.  So, I'm sure 
when people try to ratchet up the algos they use, there will be issues.

On 8/19/10 8:40 AM, Etienne Dysli wrote:
> On 06/08/10 13:46, Chad La Joie wrote:
> > - Expose configuration options to control crypto algorithms used
> > when signing and encrypting (e.g. using AES256 in signatures).
> > Currently the IdP uses the lowest common denominator for each option.
> > This was mentioned in previous email as well.
> >
> > - Expose configuration options that allow certain crypto algorithms
> > to be blacklisted such that they will not be accepted if the SP uses
> > them. This allows the IdP deployer to "ban" algorithms that they feel
> > are too weak.
>
> Good points. I love getting rid of the weaker ciphers were I can.
>
> Regards,
>    Etienne

--
Chad La Joie
http://itumi.biz
trusted identities, delivered