Re: [OAUTH-WG] Language encoding in error_description

2011-05-20 Thread Eran Hammer-Lahav
I'm dropping it from MAC.

EHL

> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Andrew Wooster
> Sent: Friday, May 20, 2011 8:42 PM
> To: Julian Reschke
> Cc: Kris Selden; OAuth WG
> Subject: Re: [OAUTH-WG] Language encoding in error_descri

Re: [OAUTH-WG] Language encoding in error_description

2011-05-20 Thread Andrew Wooster
On May 19, 2011, at 10:52 AM, Julian Reschke wrote:
> On 2011-05-19 19:47, Kris Selden wrote:
>> I totally missed the error_description in the WWW-Authenticate header in the
>> bearer spec. I'm not sure why the human readable error description is not
>> in the response body on a 401 but I assume

Re: [OAUTH-WG] [apps-discuss] HTTP MAC Authentication Scheme

2011-05-20 Thread Nico Williams
On Fri, May 20, 2011 at 4:18 PM, Eran Hammer-Lahav wrote:
>> Additional comments:
>>
>>  - Using nonces for replay protection is heavy-duty. It is difficult to
>> implement a reliable, secure, high-performance replay cache. (It is easy to
>> implement just a high-performance replay cache: use
>>

Re: [OAUTH-WG] [apps-discuss] HTTP MAC Authentication Scheme

2011-05-20 Thread Eran Hammer-Lahav
> -Original Message-
> From: Nico Williams [mailto:n...@cryptonector.com]
> Sent: Friday, May 20, 2011 1:25 PM
> To: Eran Hammer-Lahav
> Cc: apps-disc...@ietf.org; Ben Adida; http-st...@ietf.org; OAuth WG; Adam
> Barth (a...@adambarth.com); HTTP Working Group
> Subject: Re: [apps-discuss]

Re: [OAUTH-WG] [apps-discuss] HTTP MAC Authentication Scheme

2011-05-20 Thread Nico Williams
Additional comments:

 - Using nonces for replay protection is heavy-duty. It is difficult to implement a reliable, secure, high-performance replay cache. (It is easy to implement just a high-performance replay cache: use memcache.) I recommend an option to use sequence numbers at the server'