Currently I'm using HMAC-SHA1 over HTTP and have been considering
adding in SSL to my app, but am slightly confused as to what is more
appropriate. Obviously I'll be losing a *lot* of speed with SSL, and
from reading the specification I'm unclear whether it's actually
necessary. For example:

http://oauth.net/core/1.0a/#rfc.section.A.1

Seems to state that when using HTTPS I must use PLAINTEXT for my
signatures - can someone help me understand whether one is more secure
than the other, and if possible a recommendation of what to go for. I
take a lot of cues from Twitter (who are using HMAC-SHA1 and HTTP)
cause I'd like to imagine their herds of boffins have thought of most
scenarios...

What do you think?

-- 
You received this message because you are subscribed to the Google Groups 
"OAuth" group.
To post to this group, send email to oa...@googlegroups.com.
To unsubscribe from this group, send email to 
oauth+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/oauth?hl=en.

Reply via email to