On 8 Nov 2012, at 19:28 , Sam Hartman wrote: > If you're going to use RADSEC with a public-key based TLS cipher or if > you're going to use SAML signatures, you need the public key of the > signer, yes. > I think the people proposing validation of signatures as an MTI were > aware that public-keys would be needed to make use of signatures. > So, I think both RADSEC and SAML signatures have similar requirements > for public-keys in typical deployments. > A PKI is one approach for getting these public keys.
Right. In any case you need a key distribution mechanism, PKI or whatever. To my view, the difference is that in the case of RADSEC you put the trust fabric on the same AAA infrastructure you are using through ABFAB, while relying on SAML signatures require a trust fabric on an ancilliary infrastructure. Be goode, -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D http://people.tid.es/diego.lopez/ e-mail: [email protected] Tel: +34 913 129 041 Mobile: +34 682 051 091 ----------------------------------------- ________________________________ Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo. This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at: http://www.tid.es/ES/PAGINAS/disclaimer.aspx _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
