Re: Updated IdP to new spec.

On 29 Nov 2011, at 00:43, Mo McRoberts wrote:

> > How many keys can we have in a single profile, so that it will not look
> > like a DoS attack?
> 
> Anything fewer than about a hundred would strike me as needlessly limiting.
> 
> Extracting the modulus and exponent from a key and then iterating the cert:modulus and cert:exponent triples in the profile and comparing them shouldn’t really be a slow operation (not to the point of ~30 keys timing out) — how are you going about it?
> 
I agree, though I really think we don't need a limit. The limit will be common set by common sense and the technical environment: just like there is a limit to the size of web pages that is related to how long it takes to download a page. Make a web page too big and people will stop. Make your profile too big and it will take you longer to log into providers, and if you make it huge, they may just stop downloading - I know I may well if I get something  above 200kbytes at this point.

The ASK query in comparison is super efficient: find the modulus first, then find the rest. Should never take you longer than the process of finding the modulus.

Having more than one public key though is really important, so I definitively vote against limiting it to 1.

Henry

> 
> M.
> 
> 
> 
>  
> 
> http://www.bbc.co.uk
> This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.
> If you have received it in error, please delete it from your system.
> Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.
> Please note that the BBC monitors e-mails sent or received.
> Further communication will signify your consent to this.

Social Web Architect
http://bblfish.net/