On 10-Mar-06, at 6:27 AM, Robert Yates wrote:
Dick Hardt wrote:
2) Only call the remote site once to generate a shared secret
and then use the secret to verify signatures coming from that
site. This would be akin to openid's associate mode.
I think having a shared secret mode is a good option for
improving performance. Just as in OpenID, having it as an option
rather than a requirement is best, as it requires state management
and additional overhead if there is little interaction between that
Homesite and Membersite. Note that it does not solve DoS since a
bad server can repeatedly fail to provide a shared secret.
3) Use Phillip's suggestion of SRV records as a discovery
mechanism, instead of looking up the persona-url.
Does not solve DoS as a bad server can withhold returning SRV records.
I agree that the above two suggestions do not eliminate the
possibility of DoS. The intent behind the suggestions was that
they should make it easier to detect/protect against a DoS. The
thinking being that fewer calls need to be made during normal
operation to remote sites. The membersite only needs to establish
a shared secret or look up a homesite's SRV record once. If it finds
that many requests are waiting for shared secrets or SRV record
responses it can abort further requests for these items until the
backlog has cleared. It can, however, still continue normal
operations to homesites with which it already shares a secret and
whose SRV record has been cached.
Similarly, a Homesite that takes a long time to respond or does not
respond can be logged and the Membersite could prompt the user when
that Homesite is used and ask them if they really want to use that
Homesite, or ask the user for another Homesite.
Just as the SRV record is cached, the Homesite and persona-url
document could be cached using standard HTTP caching or some caching
meta data in the document.
There is lots more to discuss here. Please don't interpret my
comments as meaning that I think dmd0 is *the* way to solve the problem.
Hopefully we will get a WG so that more people are looking at the
solution space.
Given that we have not got a WG started yet, I'm wondering if we
are getting ahead of ourselves though?
Point taken, apologies,
None needed. Good discussion. I think it is a good indication that a
WG would make sense! :-)
-- Dick
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
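The mitigation sketched in the exchange above (associate once, cache the secret and the SRV answer, stop issuing new remote lookups while too many are outstanding, keep serving Homesites already associated, and log the ones that never answer) as an added Python example. This is not code from the dix list or from the dmd0 proposal; the Membersite/Homesite names follow the thread, while the backlog limit, timeout, HMAC-SHA256 signature scheme and the Homesite names in the demo are constructed for this illustration.

```python
"""Added example (not code from the dix thread): a toy Membersite that
associates with each Homesite once, caches the shared secret and SRV answer,
and refuses new remote lookups while the backlog of outstanding ones is full,
so an unresponsive Homesite cannot stall verification for sites already
associated. Thresholds, signature scheme and demo names are constructed."""
import hashlib
import hmac
import time


class Membersite:
    def __init__(self, max_pending=3, ttl_seconds=3600, clock=time.monotonic):
        self.max_pending = max_pending  # limit on outstanding remote calls
        self.ttl = ttl_seconds
        self.clock = clock              # injectable so the demo controls time
        self.associations = {}          # homesite -> (secret, expires_at)
        self.srv_cache = {}             # homesite -> (srv_target, expires_at)
        self.outstanding = {}           # request_id -> (kind, homesite, started_at)
        self.slow_homesites = {}        # homesite -> number of unanswered requests
        self._next_id = 0

    # --- cached state: never touches the network ---------------------------
    def cached_secret(self, homesite):
        entry = self.associations.get(homesite)
        if entry and entry[1] > self.clock():
            return entry[0]
        return None

    def verify(self, homesite, message: bytes, signature_hex: str) -> bool:
        """Check an HMAC-SHA256 signature using the cached association secret."""
        secret = self.cached_secret(homesite)
        if secret is None:
            return False
        expected = hmac.new(secret, message, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, signature_hex)

    # --- remote lookups gated by the backlog -------------------------------
    def begin_remote(self, kind, homesite):
        """Reserve a slot for an 'associate' or 'srv' lookup; None if backlog full."""
        if len(self.outstanding) >= self.max_pending:
            return None
        self._next_id += 1
        self.outstanding[self._next_id] = (kind, homesite, self.clock())
        return self._next_id

    def complete_remote(self, request_id, result):
        """Store the answer (secret bytes or SRV target); None means no answer."""
        kind, homesite, _ = self.outstanding.pop(request_id)
        if result is None:
            self.slow_homesites[homesite] = self.slow_homesites.get(homesite, 0) + 1
            return False
        expires = self.clock() + self.ttl
        target = self.associations if kind == "associate" else self.srv_cache
        target[homesite] = (result, expires)
        return True

    def expire_stale(self, timeout_seconds):
        """Abort outstanding requests older than the timeout, logging the Homesite."""
        now = self.clock()
        stale = [rid for rid, (_, _, t0) in self.outstanding.items()
                 if now - t0 > timeout_seconds]
        for rid in stale:
            self.complete_remote(rid, None)
        return len(stale)

    def should_warn_user(self, homesite, threshold=1):
        """True if this Homesite has failed to answer often enough to prompt the user."""
        return self.slow_homesites.get(homesite, 0) >= threshold


def sign(secret: bytes, message: bytes) -> str:
    """What a Homesite would send alongside a message (constructed scheme)."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def demo():
    """Replay the scenario from the thread with constructed Homesite names."""
    now = [0.0]
    site = Membersite(max_pending=2, clock=lambda: now[0])
    secret_a = b"constructed-shared-secret-A"
    # Homesite A associates once; its later messages use the cached secret.
    site.complete_remote(site.begin_remote("associate", "homesite-a.example"), secret_a)
    # Two Homesites that never answer fill the backlog ...
    for h in ("slow-b.example", "slow-c.example"):
        site.begin_remote("associate", h)
    # ... so a lookup for yet another Homesite is refused instead of queued.
    refused = site.begin_remote("srv", "homesite-d.example") is None
    # Messages from A are still verified without any network call.
    msg = b"persona=alice"
    ok = site.verify("homesite-a.example", msg, sign(secret_a, msg))
    bad = site.verify("homesite-a.example", msg, sign(b"wrong-secret", msg))
    # After the timeout the stuck requests are aborted and the Homesites logged.
    now[0] = 31.0
    aborted = site.expire_stale(timeout_seconds=30)
    return {"refused": refused, "ok": ok, "bad": bad, "aborted": aborted,
            "warn_b": site.should_warn_user("slow-b.example"),
            "backlog_free": site.begin_remote("srv", "homesite-d.example") is not None}


if __name__ == "__main__":
    print(demo())
```

The point the demo makes is the one Robert and Dick converge on: a full backlog only blocks new association and SRV lookups, while signature verification for Homesites already associated keeps running from cache, and Homesites that time out accumulate in `slow_homesites` so the Membersite can prompt the user about them later.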