per-entity - RE: [Per-Entity] Does MDQ with single entity signing result in shorter usage periods for the signing key?

Subject: Per-Entity Metadata Working Group

List archive

RE: [Per-Entity] Does MDQ with single entity signing result in shorter usage periods for the signing key?

From: "Cantor, Scott" <>
To: Thomas Lenggenhager <>, Ian Young <>
Cc: Per-Entity Metadata Working Group <>
Subject: RE: [Per-Entity] Does MDQ with single entity signing result in shorter usage periods for the signing key?
Date: Thu, 4 Aug 2016 13:55:10 +0000
Accept-language: en-US
Authentication-results: spf=pass (sender IP is 164.107.81.220) smtp.mailfrom=osu.edu; iay.org.uk; dkim=none (message not signed) header.d=none;iay.org.uk; dmarc=bestguesspass action=none header.from=osu.edu;
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99

> Thank you, Ian, for sharing your thoughts on it. So no further
> requirements in this respect.

No, and if there were, think about what that means for IdPs and their signing
keys. A typical IdP at a campus might issue 500,000 or more assertions a day,
and every one of those is signed with the same key.

-- Scott

[Per-Entity] Does MDQ with single entity signing result in shorter usage periods for the signing key?, Thomas Lenggenhager, 08/04/2016
- Re: [Per-Entity] Does MDQ with single entity signing result in shorter usage periods for the signing key?, Ian Young, 08/04/2016
  - Re: [Per-Entity] Does MDQ with single entity signing result in shorter usage periods for the signing key?, Ian Young, 08/04/2016
    - Re: [Per-Entity] Does MDQ with single entity signing result in shorter usage periods for the signing key?, Thomas Lenggenhager, 08/04/2016
      - RE: [Per-Entity] Does MDQ with single entity signing result in shorter usage periods for the signing key?, Cantor, Scott, 08/04/2016

List archive

RE: [Per-Entity] Does MDQ with single entity signing result in shorter usage periods for the signing key?