Re: [apps-discuss] [OAUTH-WG] [http-state] HTTP MAC Authentication Scheme

Nico Williams <nico@cryptonector.com> Wed, 08 June 2011 01:22 UTC

In-Reply-To: <BANLkTik1yv0NdMBo-u=dzDhBnf6diqRrNg@mail.gmail.com>
References: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <BANLkTikpQNyQdr9oWHhtJ7a7d-4ri0CNdA@mail.gmail.com> <09c801cc24c2$a05bae00$e1130a00$@packetizer.com> <BANLkTin30NVzYVV1m4gmyh42DWs-nSQpAg@mail.gmail.com> <00f101cc255e$2d426020$87c72060$@packetizer.com> <BANLkTimn8c72p5bjwHNapW9kVCVBmNbC4w@mail.gmail.com> <1307486600.48324.YahooMailNeo@web31808.mail.mud.yahoo.com> <BANLkTi==5LjD7vW74tqB_sbSHrLjsJE6+A@mail.gmail.com> <4DEEAD76.2090800@adida.net> <BANLkTik7LyPWssAb0EBmx11hK53hiwgmrA@mail.gmail.com> <BANLkTik1yv0NdMBo-u=dzDhBnf6diqRrNg@mail.gmail.com>
Date: Tue, 7 Jun 2011 20:22:03 -0500
Message-ID: <BANLkTingLB=21gcV8++WxkiB9-1RXv-7yg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Randy Fischer <randy.fischer@gmail.com>
Cc: "apps-discuss@ietf.org" <apps-discuss@ietf.org>, Ben Adida <ben@adida.net>, Adam Barth <adam@adambarth.com>, "http-state@ietf.org" <http-state@ietf.org>, "William J. Mills" <wmills@yahoo-inc.com>, HTTP Working Group <ietf-http-wg@w3.org>, OAuth WG <oauth@ietf.org>
Subject: Re: [apps-discuss] [OAUTH-WG] [http-state] HTTP MAC Authentication Scheme

On Tue, Jun 7, 2011 at 8:05 PM, Randy Fischer <randy.fischer@gmail.com> wrote:
> On Tue, Jun 7, 2011 at 7:09 PM, Nico Williams <nico@cryptonector.com> wrote:
>> Or am I missing something?
>
> Well, last I tried it under apache, at least, there was a hard limit
> on the length of a TLS stream. Since I use HTTP for a storage system
> for multi-GB files, I'd really love to see alternatives.

Really?  But it'd have to be pretty short for the cost of the
subsequent TLS session resumption to add up to so much latency and
compute cost that you'd want to avoid using TLS.  Also, that sounds
like a fixable bug.  If you can implement this MAC proposal, you can
fix that bug.

Nico
--