Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Shibboleth Developer's Meeting, June 7, 2013

...

60 to 90 minute call window.


Brent

Just looking at the notes on the wiki. The Decryper/BC issue has nothing to do with keypair verification.

The issue is: a symmetric key is encrypted with public key from key pair A. If it is attempted to be decrypted with private key from key pair B, BC sometimes intermittenly throws a runtime exception, as opposed to the correct checked exception, merely indicating decryption failure.

And FYI, we already have a KeyPair "verification" method in OpenSAML that does pretty much the same thing as the vt-crypt isKeyPair method.

 

 

Daniel

 

Ian

Went to Maastricht for REFEDS.

...

Memcached storage service code review.

 

Rod


Scott

 Fixed a late reported Apache 2.4 issue with "require valid-user", posted summary to dev list. Need to update documentation on it.

...

Jenkins build and BC.

shib-users email ?

 

Other

https://spaces.internet2.edu/display/scalepriv/Scalable+Privacy

Notes

Daniel summarized the BC/Santuario runtime exception w/RSA keypair verification on behalf of Brent. The issue resulted in a forthcoming vt-crypt feature request to make installation of BC provider optional (currently happens by default). Discussion followed about what components to ship with IdP and the tradeoff between a supported set of system components versus increased maintenance costs w/r/t security and defects.

Ian discussed REFEDS conference and mentioned increasing membership costs and the need for a private forum for operators to have frank, technical discussion. Mentioned "WebFinger" – everything should be discoverable.

Marvin fielded some questions from Tom about memcached storage service specifically and clustering generally. Tom tagged Marvin as a resource for clustering/HA expertise.

Rod briefly summarized work on attribute resolvers.

 

From Marvin:RE the RSA key matching issue, Chad requested a feature of vt-crypt a while back that provided keypair verification.

https://code.google.com/p/vt-middleware/source/browse/vt-crypt/trunk/src/main/java/edu/vt/middleware/crypt/asymmetric/PublicKeyUtils.java?spec=svn2382&r=2382

AFAICT use of PublicKeyUtils.isKeyPair(PublicKey, PrivateKey) would have avoided the BC/Santuario runtime exception issue.