[128825] in cryptography@c2.net mail archive
Re: The PKC-only application security model ...
daemon@ATHENA.MIT.EDU (Thierry Moreau)
Thu Jul 24 15:34:45 2008
Date: Thu, 24 Jul 2008 07:21:20 -0500
From: Thierry Moreau <thierry.moreau@connotech.com>
To: Cryptography List <cryptography@metzdowd.com>
In-Reply-To: <ea2af9bd0807231856h3b62f330y32733d98e8db4aa@mail.gmail.com>
Tom Scavo wrote:
> On Wed, Jul 23, 2008 at 6:32 PM, Thierry Moreau
> <thierry.moreau@connotech.com> wrote:
>
>>The document I published on my web site today is focused on fielding
>>certificateless public operations with the TLS protocol which does not
>>support client public keys without certificates - hence the meaningless
>>security certificate.
>
>
> As such, your document is directly applicable to a proposed standard
> that is now winding its way through the OASIS process:
>
> http://wiki.oasis-open.org/security/SamlHoKWebSSOProfile
>
> The proponents of this variant of SAML Web Browser SSO have no
> interest in an online database of public keys, but your profile is
> relevant nonetheless, for its interoperability aspects.
Thanks, I will look into this.
> You mentioned earlier that this may become an IETF RFC. Do I take
> this to mean that your company holds no patent, copyright, trademark
> or license rights that would prevent us from relying on your profile?
Neither patent nor patent application for the matter contained in the
referenced document.
--
- Thierry Moreau
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
