AW: back-channel on front-channel port
clemens.bergmann at tu-darmstadt.de
Tue Jun 29 05:51:28 UTC 2021
thanks again for the fast reply but I don't understand fully what you are recommending.
Do I understand you correctly that you suggest that certificate authentication is not needed nowadays and therefore the additional port can be ignored?
Mit freundlichen Grüßen
Gruppe Nutzermanagement und Entwicklung
Technische Universität Darmstadt
Hochschulrechenzentrum, Alexanderstraße 2, 64289 Darmstadt
Tel. +49 6151 16 71184
> -----Ursprüngliche Nachricht-----
> Von: users <users-bounces at shibboleth.net> Im Auftrag von Cantor, Scott
> Gesendet: Montag, 28. Juni 2021 16:34
> An: Shib Users <users at shibboleth.net>
> Betreff: Re: back-channel on front-channel port
> You don't have to do anything special, and no, you can't really rely on
> certificate authentication like that, it doesn't work reliably when it's not host-
> based and there's no intent that it would work. The messages are signed
> instead, and the possibility of MITM exposure is simply ignored.
> -- Scott
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to users-
> unsubscribe at shibboleth.net
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6377 bytes
Desc: not available
More information about the users