Re: [apps-discuss] [OAUTH-WG] [http-state] HTTP MAC Authentication Scheme

On Wed, Jun 8, 2011 at 5:26 PM, Breno de Medeiros <> wrote:
> On Tue, Jun 7, 2011 at 17:07, Nico Williams <> wrote:
>> Here's another issue: some of you are saying that an application using
>> this extension will be using TLS for some things but not others, which
>> presumes a TLS session.  Does using TLS _with_ session resumption
>> _and_ HTTP/1.1 pipelining for all requests really cost that much more
>> in latency and compute (and electric) power than the proposed
>> alternative?  I seriously doubt it, and I'd like to see some real
>> analysis showing that I'm wrong before I'd accept such a rationale for
>> this sort of proposal.
> Google has performed detailed analysis of SSL performance after
> several optimizations and we have concluded that the answer is 'no
> significant overhead' as you suggest. Indeed, in some workload
> situations it may be actually cheaper to serve SSL traffic because
> there is reduction in network latency by avoiding bad proxies. We have
> published some results here:

Sweet!  Thanks for confirming my intuition, and then some.  I like the
idea that using TLS actually reduces latency -- I'd not have imagined


Received on Wednesday, 8 June 2011 22:30:41 UTC