Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP MAC Authentication Scheme
Nico Williams <nico@cryptonector.com> Wed, 08 June 2011 01:22 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: http-state@ietfa.amsl.com
Delivered-To: http-state@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CE8111E8153; Tue, 7 Jun 2011 18:22:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.149
X-Spam-Level:
X-Spam-Status: No, score=-3.149 tagged_above=-999 required=5 tests=[AWL=-1.172, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NuR9xz6PGLW2; Tue, 7 Jun 2011 18:22:04 -0700 (PDT)
Received: from homiemail-a72.g.dreamhost.com (mailbigip.dreamhost.com [208.97.132.5]) by ietfa.amsl.com (Postfix) with ESMTP id 800AE11E80FE; Tue, 7 Jun 2011 18:22:04 -0700 (PDT)
Received: from homiemail-a72.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a72.g.dreamhost.com (Postfix) with ESMTP id 51EE46B0078; Tue, 7 Jun 2011 18:22:04 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=dDjqdD+Ai35GrrIFdxLEjX0o7vLxXrewoJkw9M5BnP3K f4GtSOhqNN+ZXOI1lDbyNJ8OJJ3wkpOR9izCa/AOqVkVa7sV7t8fJsDry7E1CgH2 b3pjpxxR0FTNAJLagerEE96DWUAiaARx1sPC6HK3oW7Mimhhcs5qE/2ywxhh4ug=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=LLMXHPcMoJJiak5gDNxcrRWfRXY=; b=bHPsiZLUI6q g1fmiEjAS2ncEg27mtBAtEgeO4cefRAxI/3bi9SVxmotixxL0rzCRM0I7uC3jQKr Ua3kEg6Nnzf2TccGXP4LlBQgRIuNCb4mUmwJmZ0iLQpqWxSAnXokv7flrk8MJYaN mDLYCWxQ9imY6NsFgDbzRpvuvEZ653Zc=
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a72.g.dreamhost.com (Postfix) with ESMTPSA id 2319A6B0059; Tue, 7 Jun 2011 18:22:04 -0700 (PDT)
Received: by pzk5 with SMTP id 5so12781pzk.31 for <multiple recipients>; Tue, 07 Jun 2011 18:22:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.37.3 with SMTP id u3mr486208pbj.456.1307496123808; Tue, 07 Jun 2011 18:22:03 -0700 (PDT)
Received: by 10.68.50.39 with HTTP; Tue, 7 Jun 2011 18:22:03 -0700 (PDT)
In-Reply-To: <BANLkTik1yv0NdMBo-u=dzDhBnf6diqRrNg@mail.gmail.com>
References: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <BANLkTikpQNyQdr9oWHhtJ7a7d-4ri0CNdA@mail.gmail.com> <09c801cc24c2$a05bae00$e1130a00$@packetizer.com> <BANLkTin30NVzYVV1m4gmyh42DWs-nSQpAg@mail.gmail.com> <00f101cc255e$2d426020$87c72060$@packetizer.com> <BANLkTimn8c72p5bjwHNapW9kVCVBmNbC4w@mail.gmail.com> <1307486600.48324.YahooMailNeo@web31808.mail.mud.yahoo.com> <BANLkTi==5LjD7vW74tqB_sbSHrLjsJE6+A@mail.gmail.com> <4DEEAD76.2090800@adida.net> <BANLkTik7LyPWssAb0EBmx11hK53hiwgmrA@mail.gmail.com> <BANLkTik1yv0NdMBo-u=dzDhBnf6diqRrNg@mail.gmail.com>
Date: Tue, 07 Jun 2011 20:22:03 -0500
Message-ID: <BANLkTingLB=21gcV8++WxkiB9-1RXv-7yg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Randy Fischer <randy.fischer@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: "apps-discuss@ietf.org" <apps-discuss@ietf.org>, Ben Adida <ben@adida.net>, Adam Barth <adam@adambarth.com>, "http-state@ietf.org" <http-state@ietf.org>, "William J. Mills" <wmills@yahoo-inc.com>, HTTP Working Group <ietf-http-wg@w3.org>, OAuth WG <oauth@ietf.org>
Subject: Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP MAC Authentication Scheme
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2011 01:22:05 -0000
On Tue, Jun 7, 2011 at 8:05 PM, Randy Fischer <randy.fischer@gmail.com> wrote: > On Tue, Jun 7, 2011 at 7:09 PM, Nico Williams <nico@cryptonector.com> wrote: >> Or am I missing something? > > Well, last I tried it under apache, at least, there was a hard limit > on the length of > a TLS stream. Since I use HTTP for a storage system for multi-GB files, I'd > really love to see alternatives. Really? But if it'd have to be pretty short for the cost of the subsequent TLS session resumption to add up to so much latency and compute cost that you'd want to avoid using TLS. Also, that sounds like a fixable bug. If you can implement this MAC proposal, you can fix that bug. Nico --
- [http-state] HTTP MAC Authentication Scheme Eran Hammer-Lahav
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Nico Williams
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Eran Hammer-Lahav
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Nico Williams
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Mark Nottingham
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Eran Hammer-Lahav
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Stephen Farrell
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Mark Nottingham
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Adam Barth
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Eran Hammer-Lahav
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Mark Nottingham
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Stephen Farrell
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Dave CROCKER
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Paul E. Jones
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Nico Williams
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Adam Barth
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Nico Williams
- Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP M… Nico Williams
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Adam Barth
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Paul E. Jones
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Nico Williams
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Nico Williams
- Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP M… Nico Williams
- Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP M… Nico Williams
- Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP M… Nico Williams
- Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP M… Nico Williams
- Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP M… Nico Williams
- Re: [http-state] [apps-discuss] [OAUTH-WG] HTTP M… Mark Nottingham
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Paul E. Jones
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Nico Williams
- Re: [http-state] [apps-discuss] [OAUTH-WG] HTTP M… Nico Williams
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Paul E. Jones
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Paul E. Jones
- Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP M… Igor Faynberg
- Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP M… William J. Mills
- Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP M… Randy Fischer
- Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP M… William J. Mills
- Re: [http-state] [apps-discuss] [OAUTH-WG] HTTP M… Breno de Medeiros
- Re: [http-state] [OAUTH-WG] [apps-discuss] HTTP M… Tim
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Tim
- Re: [http-state] [apps-discuss] [OAUTH-WG] HTTP M… Bjartur Thorlacius
- Re: [http-state] [apps-discuss] HTTP MAC Authenti… Tim