Re: [OAUTH-WG] [http-state] [apps-discuss] HTTP MAC Authentication Scheme from Nico Williams on 2011-06-08 (ietf-http-wg@w3.org from April to June 2011)

From: Nico Williams <nico@cryptonector.com>
Date: Tue, 7 Jun 2011 20:22:03 -0500
To: Randy Fischer <randy.fischer@gmail.com>
Cc: Ben Adida <ben@adida.net>, "William J. Mills" <wmills@yahoo-inc.com>, "Paul E. Jones" <paulej@packetizer.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, Adam Barth <adam@adambarth.com>, "http-state@ietf.org" <http-state@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, OAuth WG <oauth@ietf.org>
Message-ID: <BANLkTingLB=21gcV8++WxkiB9-1RXv-7yg@mail.gmail.com>

On Tue, Jun 7, 2011 at 8:05 PM, Randy Fischer <randy.fischer@gmail.com> wrote:
> On Tue, Jun 7, 2011 at 7:09 PM, Nico Williams <nico@cryptonector.com> wrote:
>> Or am I missing something?
>
> Well, last I tried it under apache, at least, there was a hard limit
> on the length of
> a TLS stream.   Since I use HTTP for a storage system for multi-GB files,  I'd
> really love to see alternatives.

Really?  But if it'd have to be pretty short for the cost of the
subsequent TLS session resumption to add up to so much latency and
compute cost that you'd want to avoid using TLS.  Also, that sounds
like a fixable bug.  If you can implement this MAC proposal, you can
fix that bug.

Nico
--

Received on Wednesday, 8 June 2011 01:22:27 UTC