On 01/07/14 10:05, Gabriel Lopez wrote:
>>> The assumption here is that the CA operator (or its RAs) can be trusted to
>>> issue a certificate bearing the peer's true identity more than the Trust
>>> Router operator can be trusted not to modify the DH exchange.
>> The problem is slightly more complex than that, but it depends on scale.
>> Is there 1 trust router operator or is there a network of operators?
>> If the trust router network is federating internationally, is there 100%
>> trust in every trust router operator? How far does that trust go?
>> Does that trust go as far as them knowing the identity and all SAML
>> attributes of authentication sessions that are initially routed through
>> that trust router?
> SAML attributes do not cross the TR; they are exchanged directly between
> IdP and RP.
>
> The discussion about whether to use a federated PKI or not is not a new topic on
> the list; you can see previous emails. The question is that in Moonshot,
> one of the requirements (and probably the most important one) (please,
> correct me if I'm wrong) is that a federated PKI is not desired.
>
>
Not by design, no. A simple modification of the public DH key and the IP by
the Trust Router means it will get them, therefore the Trust Router must
be trusted to that extent given the current design.
Why would PKI not be desired? The only argument I can think of is that
we don't want centralized trust... but this is what the Trust Router
currently is as well...
-- Wilco
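
The point debated above, as an added example that is not part of the original message or of the Moonshot code: an intermediary that swaps DH public values ends up holding both session keys unless the endpoints can check those values against something it does not control. The group parameters are toy values, the HMAC tag is a stand-in for a certificate signature, and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

# Toy parameters, constructed for illustration: 2**127 - 1 is prime, but real
# deployments use standardized groups of 2048 bits or more.
P, G = 2**127 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def tag(auth_key, pub):
    # HMAC stand-in for a certificate signature: binds a public value to a
    # key the intermediary does not hold.
    return hmac.new(auth_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def exchange(relay_substitutes, authenticated):
    """Run one RP<->IdP exchange through an intermediary; report the outcome."""
    auth_key = secrets.token_bytes(32)        # shared out of band (assumption)
    rp_priv, rp_pub = keypair()
    idp_priv, idp_pub = keypair()
    mid_priv, mid_pub = keypair()             # the intermediary's own pair
    rp_tag, idp_tag = tag(auth_key, rp_pub), tag(auth_key, idp_pub)

    # The intermediary forwards each public value, or swaps in its own.
    to_idp = mid_pub if relay_substitutes else rp_pub
    to_rp = mid_pub if relay_substitutes else idp_pub

    if authenticated:
        # Each receiver checks the value it got against the sender's tag.
        ok = (hmac.compare_digest(tag(auth_key, to_idp), rp_tag)
              and hmac.compare_digest(tag(auth_key, to_rp), idp_tag))
        if not ok:
            return {"rejected": True}

    rp_key = session_key(rp_priv, to_rp)
    idp_key = session_key(idp_priv, to_idp)
    return {
        "rejected": False,
        "endpoints_agree": rp_key == idp_key,
        "intermediary_has_rp_key": session_key(mid_priv, rp_pub) == rp_key,
        "intermediary_has_idp_key": session_key(mid_priv, idp_pub) == idp_key,
    }
```

Without the tag check, a substituting intermediary shares a key with each endpoint; with it, the same substitution is rejected before any key is derived.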