Trouble with signature filter skipping
Cantor, Scott
cantor.2 at osu.edu
Fri Sep 14 13:25:49 EDT 2018
On 9/14/18, 10:55 AM, "users on behalf of Guillaume Rousse" <users-bounces at shibboleth.net on behalf of guillaume.rousse at renater.fr> wrote:
> This would achieve caching in addition to backup. If such a change is
> considered favorable, I'd be ready to contribute it myself.
The problem isn't downloading the file, it's parsing it, and fixing that would be a massive change, and risky, and it solves a problem you're creating yourself by doing something the SP absolutely doesn't want you do to. Metadata is meant to be loaded globally, not per-override, and something of this size makes no sense to load any other way.
> Is it a design decision, or merely an implementation issue ?
> Because that's quite counter-intuitive, and also prevents to exchange signature
> checking in favor of metadata source authentication, which doesn't
> suffer from CPU usage bottleneck.
Both. The trust model is inherently based on signed metadata that can't be modified in transit or by network proxies, and even if it weren't, a model based on a key that has to be exposed to a web server has very different risks. I realize that people are doing dynamic metadata by doing online signing too, but they don't have to, it's possible to segregate the signing operations with a key that is very far from wide exposure to network access.
You're suggesting putting a CA online. That is a bad idea.
-- Scott
More information about the users
mailing list