The PKC-only application security model ...
Thierry Moreau
thierry.moreau at connotech.com
Thu Jul 24 08:21:20 EDT 2008
Tom Scavo wrote:
> On Wed, Jul 23, 2008 at 6:32 PM, Thierry Moreau
> <thierry.moreau at connotech.com> wrote:
>
>>The document I published on my web site today is focused on fielding
>>certificateless public operations with the TLS protocol which does not
>>support client public keys without certificates - hence the meaningless
>>security certificate.
>
>
> As such, your document is directly applicable to a proposed standard
> that is now winding its way through the OASIS process:
>
> http://wiki.oasis-open.org/security/SamlHoKWebSSOProfile
>
> The proponents of this variant of SAML Web Browser SSO have no
> interest in an online database of public keys, but your profile is
> relevant nonetheless, for its interoperability aspects.
Thanks, I will look into this.
> You mentioned earlier that this may become an IETF RFC. Do I take
> this to mean that your company holds no patent, copyright, trademark
> or license rights that would prevent us from relying on your profile?
Neither patent nor patent application for the matter contained in the
referenced document.
--
- Thierry Moreau
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list