Getting a grasp on Heartbleed and IDPs
Cantor, Scott
cantor.2 at osu.edu
Tue Apr 15 12:36:56 EDT 2014
On 4/15/14, 11:01 AM, "Liam Hoekenga" <liamr at umich.edu> wrote:
>
>Would it be reasonable to consider using the front channel / browser
>facing cert to secure the backchannel?
No.
>What would be the downside?
Many, starting with the fact that it changes every year or two, and that
often results in the key changing periodically. It's also non-self-signed,
which triggers bad side effects in a lot of other implementations.
> (The calling SP would have to have the CA cert that was being used,
>right?)
Not Shibboleth. Others yes, maybe, possibly. That's the point. It solves
nothing and breaks lots of things.
-- Scott