>>>>> "Klaas" == Klaas Wierenga (kwiereng) <[email protected]> writes:
Klaas> Also speaking as an individual. I do support the idea of
Klaas> using RadSec. However, I think that one reason why one would
Klaas> be willing to support SAML sigs is the simple fact that they
Klaas> exist today and presumably organizations might be willing to
Klaas> continue to use their existing practice for end to end
Klaas> protection. I realize that in some scenarios it will be
Klaas> impossible for the RP to verify the signature, but I'd say
Klaas> that in the majority of cases this is not more of a problem
Klaas> than it would be in RadSec (barring trust router
Klaas> implementations).
Sure, and for that reason, I think SAML sig validation implementation
should be a SHOULD. But I think for an MTI mechanism we should pick
something that actually protects the whole exchange.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab