Re: [higgins-dev] Attack on CardSpace possible with CloudSelector?
- From: Jonathan Tellier <jonathan.tellier@xxxxxxxxx>
- Date: Sun, 28 Mar 2010 19:18:14 -0400
I think that what you say makes sense, but there's a part that I don't
> I think the Higgins cloud selector would be compromised by performing a DNS attack on the selector service as the easiest route.
Maybe I'm missing something, but I thought that the token does not go
directly to the RP. It is sent to the browser that then sends it to
the RP. Maybe I'm not getting the process right though... If the cloud
selector does not communicate directly to the RP, how would
compromising its DNS server help an attacker?