per-entity - Re: [Per-Entity] implementing a cache on the client
Please Wait...
per-entity@incommon.org
Subject: Per-Entity Metadata Working Group
List archive
- From: "Cantor, Scott" <cantor.2@osu.edu>
- To: Nick Roy <nroy@internet2.edu>, Thomas Scavo <trscavo@internet2.edu>, "David Walker" <dwalker@internet2.edu>
- Cc: "per-entity@incommon.org" <per-entity@incommon.org>
- Subject: Re: [Per-Entity] implementing a cache on the client
- Date: Thu, 28 Jul 2016 22:45:56 +0000
- Accept-language: en-US
- Authentication-results: spf=pass (sender IP is 164.107.81.222) smtp.mailfrom=osu.edu; incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=bestguesspass action=none header.from=osu.edu;
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
On 7/28/16, 5:46 PM,
"per-entity-request@incommon.org
on behalf of Nick Roy"
<per-entity-request@incommon.org
on behalf of
nroy@internet2.edu>
wrote:
> Securing the MDQ server with the key you're using to sign metadata seems
> like the worst > possible approach because you're putting that signing key
> at risk by having it on a live, > Internet-facing server.
Probably getting into the weeds here, but sure, you'd probably chain the TLS
key off of the real key and assume that your TLS-client software can leverage
that path to verify the server, or something like that. Or it could be a
totally disjoint key.
-- Scott
- RE: [Per-Entity] implementing a cache on the client, (continued)
- RE: [Per-Entity] implementing a cache on the client, Cantor, Scott, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Tom Scavo, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Tom Mitchell, 07/28/2016
- RE: [Per-Entity] implementing a cache on the client, Cantor, Scott, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Tom Scavo, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, David Walker, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Tom Scavo, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, David Walker, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Tom Scavo, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Nick Roy, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Cantor, Scott, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Tom Scavo, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Jorj Bauer, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Cantor, Scott, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Tom Scavo, 07/28/2016
- Re: [Per-Entity] implementing a cache on the client, Cantor, Scott, 07/27/2016
- Re: [Per-Entity] implementing a cache on the client, Walter Forbes Hoehn (wassa), 07/27/2016
- Re: [Per-Entity] implementing a cache on the client, Tom Scavo, 07/27/2016
Archive powered by MHonArc 2.6.19.