shibboleth-dev - RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
Subject: Shibboleth Developers
List archive
RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
Chronological Thread
- From: Peter Williams <>
- To: "" <>
- Subject: RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
- Date: Wed, 9 Feb 2011 08:52:02 -0800
- Accept-language: en-US
- Acceptlanguage: en-US
Or you use the (relevant?) "certificate-authentication" option of infocards,
which drives a more palatable and modern "client TLS" experience.
Cert-auth is a composite system of 2 component assurances: in which the
client cert used on the "outer" transport of the token has to match the cert
supporting the "inner" signed saml token.
Think channel bindings, now, since one has the outer:inner pattern, and
tokens handlers (like channels handlers) can be MITM'ed.
-----Original Message-----
From:
[mailto:]
On Behalf Of Cantor, Scott E.
Sent: Wednesday, February 09, 2011 8:06 AM
To:
Subject: RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for
application Session IDs
Of course, if you use client TLS, that's a perfect solution, but not
generally relevant.
-- Scott
- [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Chad La Joie, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Rod Widdowson, 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Kristof Bajnok, 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Chad La Joie, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Chad La Joie, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Peter Williams, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Chad La Joie, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Peter Williams, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Bradley Schwoerer, 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Michael J. Wheeler, 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Eric Norman, 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Kaspar Brand, 02/10/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/10/2011
- Re: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Bradley Schwoerer, 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
- RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs, Cantor, Scott E., 02/09/2011
Archive powered by MHonArc 2.6.16.