Re: [OAUTH-WG] [http-state] [apps-discuss] HTTP MAC Authentication Scheme

On Tue, Jun 7, 2011 at 8:05 PM, Randy Fischer <> wrote:
> On Tue, Jun 7, 2011 at 7:09 PM, Nico Williams <> wrote:
>> Or am I missing something?
> Well, last I tried it under apache, at least, there was a hard limit
> on the length of
> a TLS stream.   Since I use HTTP for a storage system for multi-GB files,  I'd
> really love to see alternatives.

Really?  But if it'd have to be pretty short for the cost of the
subsequent TLS session resumption to add up to so much latency and
compute cost that you'd want to avoid using TLS.  Also, that sounds
like a fixable bug.  If you can implement this MAC proposal, you can
fix that bug.


Received on Wednesday, 8 June 2011 01:22:27 UTC