Getting a grasp on Heartbleed and IDPs
Wessel, Keith
kwessel at illinois.edu
Thu Apr 10 11:53:44 EDT 2014
All,
We've already taken actions on our IDP, but I'm trying to get a full understand of the potential impact while we were vulnerable.
If the IDP's private key was exposed (through connections to Apache connections to 8443), what could a hacker do with it? Could they intercept assertaions from our IDP and decrypt them? In short, what is the IDP key and cert used for?
My apologies if I missed this already discussed on the list. I tried to catch up on things, but I might have overlooked this answer.
Thanks,
Keith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140410/1e274784/attachment.html
More information about the users
mailing list