The PKC-only application security model ...

Tom Scavo trscavo at gmail.com
Wed Jul 23 21:56:51 EDT 2008


On Wed, Jul 23, 2008 at 6:32 PM, Thierry Moreau
<thierry.moreau at connotech.com> wrote:
>
> The document I published on my web site today is focused on fielding
> certificateless public operations with the TLS protocol which does not
> support client public keys without certificates - hence the meaningless
> security certificate.

As such, your document is directly applicable to a proposed standard
that is now winding its way through the OASIS process:

http://wiki.oasis-open.org/security/SamlHoKWebSSOProfile

The proponents of this variant of SAML Web Browser SSO have no
interest in an online database of public keys, but your profile is
relevant nonetheless, for its interoperability aspects.

You mentioned earlier that this may become an IETF RFC.  Do I take
this to mean that your company holds no patent, copyright, trademark
or license rights that would prevent us from relying on your profile?

Thanks,

Tom Scavo
NCSA

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


