On 10/02/2012 03:27 PM, Sam Hartman wrote:
>>>>>> "Stephen" == Stephen Farrell <[email protected]> writes:
> 
>     Stephen> (jumping in with little context...)
> 
>     Stephen> On 10/02/2012 02:34 PM, Sam Hartman wrote:
>     >> I think that we need to have a mandatory-to-implement policy for
>     >> signature handling to guarantee interoperability.  I think that
>     >> mandatory-to-implement policy should be ignore the signature in
>     >> all its bulk.
> 
>     Stephen> Defining signature "handling" as ignoring the signature
>     Stephen> would seem very insecure, no? How'd you justify that?
> 
> But something that can actually be implemented.  The idea that you could
> actually construct a usable PKI is sufficiently preposterous that it
> need not be considered:-)
> 
> OK, now that we've squared off, let me try and make a serious
> contribution.

:-)

> The SAML signature mechanism is ancillary to the security approach that
> we're using for this.
> I think a lot of us would like to not even support signatures in this
> SAML binding because we believe that the hop-by-hop integrity is
> sufficient and because those signatures will create interoperability
> problems.

Is there text somewhere that argues that hop-by-hop integrity
is enough for abfab? Is that for all use-cases or just some?

I reckon you'll need that text if "ignore signature" is the
MUST implement.

> It seems silly to me though to reject a request because it is signed
> when you would happily accept the same request were the signature
> stripped.

I agree. After lots of debate, DKIM also passes on signatures
even after they're sure to no longer be verifiable, so you have
a good precedent for not stripping.

OTOH, it also seems silly to say ignore signature is the MUST
implement, if you're able to pass the signature around and it
could in principle be verified.

S.


_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab