Support for EC crypto?

Stefan Santesson stefan at aaa-sec.com
Sun Sep 13 16:35:33 EDT 2015


Thanks Scott!

On the same subject, what about AEAD instead of CBC for encrypted Assertions?

/Stefan





On 13/09/15 19:55, "users on behalf of Cantor, Scott" <users-bounces at shibboleth.net on behalf of cantor.2 at osu.edu> wrote:

>On 9/13/15, 5:16 AM, "users on behalf of Stefan Santesson" <users-bounces at shibboleth.net on behalf of stefan at aaa-sec.com> wrote:
>
>>Is there any known limitations of Shibboleth and other major SAML product with regards to algorithm support, in particular EC.
>
>It's never gotten much testing, and zero interest, so I'm not prepared to even speculate much on what might work or not.
>
>The SP's support for it would be dependent on the OpenSSL build. EC support was added I think to xml-security-c 1.7.0 and I'm fairly sure doesn't go back before V2.5.
>
>Don't know about the old IdP. It's in about the same state in V3 as with the SP, largely untested.
>
>I would be surprised if it worked much at all on any other implementations.
>
>-- Scott
>
>-- 
>To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net



More information about the users mailing list