Re: [apps-discuss] [OAUTH-WG] [http-state] HTTP MAC Authentication Scheme

Bjartur Thorlacius <svartman95@gmail.com> Mon, 13 June 2011 15:45 UTC

Return-Path: <svartman95@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74F2E11E8072; Mon, 13 Jun 2011 08:45:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c+mjzCwzzNVK; Mon, 13 Jun 2011 08:45:01 -0700 (PDT)
Received: from mail-gx0-f172.google.com (mail-gx0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 59BD511E80D9; Mon, 13 Jun 2011 08:45:00 -0700 (PDT)
Received: by gxk19 with SMTP id 19so4116763gxk.31 for <multiple recipients>; Mon, 13 Jun 2011 08:44:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=1tjUbpJ2L4XoEaTJI1CgNC/2eMAtanVrxdlaOqFwNVw=; b=xsjbuawlyqVvM8dNaIt+hZvoi7cjBkoNCalXeD8hnGQviLy0c2e6yKugXDxCI16sMq VciyuOX5bvPzGuVOmFlqFpJCjG1mWtSAqdtDAuMv4eLmt/TDdVH+ju9Lus+/pHiSuJiZ Z64KaWB4u+czRSzX3RMck4S2Ciiv9Q7TKH1Ko=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=dyg1l3I0wQ0UcFt8XKzWezLZblQZkzEOBs4/lquzCCAAK1puN+jBquNSt1drlCQNmW +gTr9Q4PpixNRGEkm+Agj+6V/fiGzeYWKDfvh4DE/S1gnCRwUu7i+JqgqBE9a6WwdpwO ou9VStN2dGp2W452zgfNPzI80AO6bqY4XpiXc=
MIME-Version: 1.0
Received: by 10.236.66.49 with SMTP id g37mr3527411yhd.237.1307979880381; Mon, 13 Jun 2011 08:44:40 -0700 (PDT)
Received: by 10.236.70.35 with HTTP; Mon, 13 Jun 2011 08:44:39 -0700 (PDT)
In-Reply-To: <20110613152832.GU1565@sentinelchicken.org>
References: <09c801cc24c2$a05bae00$e1130a00$@packetizer.com> <BANLkTin30NVzYVV1m4gmyh42DWs-nSQpAg@mail.gmail.com> <00f101cc255e$2d426020$87c72060$@packetizer.com> <BANLkTimn8c72p5bjwHNapW9kVCVBmNbC4w@mail.gmail.com> <015801cc25ab$063a2150$12ae63f0$@packetizer.com> <20110608153225.GL1565@sentinelchicken.org> <90C41DD21FB7C64BB94121FBBC2E7234475E773C73@P3PW5EX1MB01.EX1.SECURESERVER.NET> <BANLkTi=Qg=q066rAHkhFrsHBb3Yu4hWYFA@mail.gmail.com> <20110609144224.GR1565@sentinelchicken.org> <90C41DD21FB7C64BB94121FBBC2E7234475E774395@P3PW5EX1MB01.EX1.SECURESERVER.NET> <20110613152832.GU1565@sentinelchicken.org>
Date: Mon, 13 Jun 2011 15:44:39 +0000
Message-ID: <BANLkTik8+QSb3TiAnCF0Uf3JQ9_mH2MNtw@mail.gmail.com>
From: Bjartur Thorlacius <svartman95@gmail.com>
To: Tim <tim-projects@sentinelchicken.org>
Content-Type: text/plain; charset="UTF-8"
Cc: "apps-discuss@ietf.org" <apps-discuss@ietf.org>, OAuth WG <oauth@ietf.org>
Subject: Re: [apps-discuss] [OAUTH-WG] [http-state] HTTP MAC Authentication Scheme
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jun 2011 15:45:02 -0000

On 6/13/11, Tim <tim-projects@sentinelchicken.org> wrote:
> Agreed.  It is a typical "no one can do it because no one else is
> doing it" situation.
Not quite, as ad networks are free to support TLS. Embedders simply
link to ads using either the http or the https scheme (without
breaking anythings as user agents support both already). The problem
seems to be lack of pressure, as ad networks compete primarily on
price and amount of distraction. Users won't notice if they're
downloading both their content and ads over plain HTTP over TCP.