W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2011

Re: [OAUTH-WG] [http-state] [apps-discuss] HTTP MAC Authentication Scheme

From: Nico Williams <nico@cryptonector.com>
Date: Tue, 7 Jun 2011 20:22:03 -0500
Message-ID: <BANLkTingLB=21gcV8++WxkiB9-1RXv-7yg@mail.gmail.com>
To: Randy Fischer <randy.fischer@gmail.com>
Cc: Ben Adida <ben@adida.net>, "William J. Mills" <wmills@yahoo-inc.com>, "Paul E. Jones" <paulej@packetizer.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, Adam Barth <adam@adambarth.com>, "http-state@ietf.org" <http-state@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, OAuth WG <oauth@ietf.org>
On Tue, Jun 7, 2011 at 8:05 PM, Randy Fischer <randy.fischer@gmail.com> wrote:
> On Tue, Jun 7, 2011 at 7:09 PM, Nico Williams <nico@cryptonector.com> wrote:
>> Or am I missing something?
>
> Well, last I tried it under apache, at least, there was a hard limit
> on the length of
> a TLS stream.   Since I use HTTP for a storage system for multi-GB files,  I'd
> really love to see alternatives.

Really?  But if it'd have to be pretty short for the cost of the
subsequent TLS session resumption to add up to so much latency and
compute cost that you'd want to avoid using TLS.  Also, that sounds
like a fixable bug.  If you can implement this MAC proposal, you can
fix that bug.

Nico
--
Received on Wednesday, 8 June 2011 01:22:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:41 GMT