AW: back-channel on front-channel port

Bergmann, Clemens clemens.bergmann at tu-darmstadt.de
Tue Jun 29 05:51:28 UTC 2021


Hi Scott,

Thanks again for the fast reply, but I don't fully understand what you are recommending.
Do I understand you correctly that you suggest that certificate authentication is not needed nowadays and therefore the additional port can be ignored?

Kind regards
Clemens Bergmann
-- 
Clemens Bergmann
Gruppe Nutzermanagement und Entwicklung
Technische Universität Darmstadt
Hochschulrechenzentrum, Alexanderstraße 2, 64289 Darmstadt
Tel. +49 6151 16 71184
http://www.hrz.tu-darmstadt.de/


> -----Original Message-----
> From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
> Sent: Monday, June 28, 2021 16:34
> To: Shib Users <users at shibboleth.net>
> Subject: Re: back-channel on front-channel port
> 
> You don't have to do anything special, and no, you can't really rely on
> certificate authentication like that, it doesn't work reliably when it's not host-
> based and there's no intent that it would work. The messages are signed
> instead, and the possibility of MITM exposure is simply ignored.
> 
> -- Scott