[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [higgins-dev] Attack on CardSpace possible with CloudSelector?

Hello,

I think that what you say makes sense, but there's a part that I don't
understand:

> I think the Higgins cloud selector would be compromised by performing a DNS attack on the selector service as the easiest route.

Maybe I'm missing something, but I thought that the token does not go
directly to the RP. It is sent to the browser that then sends it to
the RP. Maybe I'm not getting the process right though... If the cloud
selector does not communicate directly to the RP, how would
compromising its DNS server help an attacker?

Thanks,
Jonathan