On 8 nov. 2012, at 15:24, "Leif Johansson" <[email protected]> wrote:

> On 11/08/2012 08:42 PM, Sam Hartman wrote:
>> 
>> Folks, I've been thinking about the mandatory to implement signature
>> validation issue.  The more I think about it, the more I agree with
>> Stephen and Scott that end-to-end security is important for ABFAB.  It
>> won't always be used; just as with other technologies, people will
>> sometimes want to introduce middleboxes.  However it's important to have
>> a way of talking to the ends.
>> 
>> However, I think SAML signatures are the wrong level to accomplish
>> this.
>> The issue is that there's a lot of important stuff in ABFAB that comes
>> in AAA not SAML.
>> All the concerns about SAML can apply to the AAA elements.
>> 
>> I was asking myself why Moonshot doesn't worry about this.
>> Then I realized that we do.
>> We're going out of our way to set up end-to-end RADSEC.
>> We get protection of the SAML, but we also get protection of the AAA
>> attributes.
>> 
>> RADSEC can be used in a hop-by-hop manner.  However, RADSEC is specified
>> with a lot of thought towards enabling end-to-end uses.  Multiple
>> technologies, including the dynamic SRV-based mechanism and Moonshot's
>> trust router are evolving to make end-to-end RADSEC easier to deploy.
>> 
>> So, I think that RADSEC is a better MTI security technology for ABFAB
>> than signature validation.
>> I'd prefer to make RADSEC a MUST and SAML signature validation a SHOULD.
>> 
>> I've run this by Alan, Josh, Scott and Jim.  They seemed to like the
>> idea, so I'm presenting it here.
>> 
>> Note that there is a process issue with RADSEC; it's not
>> standards-track.  Let's assume for the moment that I can come up with a
>> solution to that (I believe I have two avenues to approach)
>> do we believe that if we can make it work that would be the right
>> technical approach?
> 
> Speaking as an individual I'll note that currently RADSEC depends
> on some form of public key management that is at least nominally
> no better or worse than the key management you'd need to do this
> using SAML.

Also speaking as an individual. I do support the idea of using RadSec. However, 
I think that one reason why one would be willing to support SAML sigs is the 
simple fact that they exist today and presumably organizations might be willing 
to continue to use their existing practice for end to end protection. I realize
that in some scenarios it will be impossible for the RP to verify the 
signature, but I'd say that in the majority of cases this is not more of a 
problem than it would be in RadSec (barring trust router implementations).

Klaas

> 
>            Cheers Leif
> _______________________________________________
> abfab mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/abfab