On 10/03/2012 11:57 AM, Josh Howlett wrote:
> I agree that is an option; and it wouldn't be the end of the world if
> that's where we end up.

Ok, good. (I mean it's good that I'm not entirely misunderstanding what's possible, I do not mean that the option I described below is necessarily good.)

> But I believe it would impede interoperable deployments because it
> defers this discussion to implementers and users who won't, on the
> whole, care about or understand the issues.

I don't get that. Do you mean that the presence of the signature and signature-verification code would lead implementers to throw an exception if they don't have the right keys to verify the signature? Surely that'd depend on what you tell them, e.g. whether you say they SHOULD or MAY verify the signature and about the consequences (or lack thereof) of not verifying the signature.

And all of these options seem to depend on having a good argument that hop-by-hop integrity is ok. Is that already written down somewhere? If not, it'll need to be. (I keep harping on about that because I worry that hop-by-hop may turn out to only be ok in some use-cases/deployments.)

> I would prefer to have a simple interoperable solution that works for
> 99% of the users than a less constrained but accordingly more complex
> solution that satisfies the remaining 1%.

#include <motherhoodandapplepie.h> // :-)

S

> (This is, as I understand it, the reason why the SAML community ended
> up with the 'Metadata Interoperability Profile'; which constrains the
> possible expressible trust semantics of SAML 2.0 federation metadata
> to facilitate interop).
>
> Josh.
>
> On 02/10/2012 17:03, "Stephen Farrell" <[email protected]> wrote:
>
>> I had a quick look at the -03 draft and I'm confused.
>>
>> Are "ignore signatures is the MUST implement" and
>> "MUST NOT sign" the only real options?
>>
>> For example, I don't get why "IdP MAY sign +
>> RP is NOT REQUIRED to verify signature +
>> RP MUST implement signature verification"
>> is not an option. (Assuming you add text that
>> justifies why hop-by-hop integrity is ok.)
>>
>> Note: I'm not saying that the above is what
>> you ought to do, I'm saying I don't get why it's
>> not possible.
>>
>> S.
>>
>> On 10/02/2012 04:47 PM, Sam Hartman wrote:
>>> OK, I'm with Josh. This is going to be one of those cases where digging
>>> in heels now and saying MUST NOT sign will save us political grief
>>> later. A lot of people like Stephen are going to look at ignore
>>> signatures and complain, whereas they would be more willing to accept
>>> that we're simply not using per-message signatures at all. It's
>>> unfortunate because I do think there are situations where signatures are
>>> valuable. However, I'm imagining that we're going to be having this
>>> argument again and again and again and it just won't be worth the cost.

_______________________________________________
abfab mailing list
https://www.ietf.org/mailman/listinfo/abfab
