On Thu, Mar 26, 2009 at 2:22 PM, Zhihong <[email protected]> wrote:
> We can't afford to ignore nonce. Timestamp can't prevent replay. We
> allow clock skew up to 1 min so there is a 2-min window, in which the
> message can be replayed. This is a risk we don't want to take.

OK, this is challenging then.  I think you've got two choices:
- look into alternatives to nonce to mitigate the risk of replay
(https and idempotent requests come to mind.)
- look at alternate replication schemes.  The choice of synchronous vs
asynchronous nonce replication is the big one, I suspect.

The body signing spec I've been working on
(http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html)
might help you get to idempotent requests.

You could also look at implementing the timestamp_refused error in the
problem reporting extension.  That would let you cut your time window
from two minutes to something shorter.  Clients would need to
automatically adjust to the time stamp on your server.

> I don't know why you think storage is infinite. It's very limited
> because nonce has limited size and life, and servers have limited
> bandwidth.

That's the right way to do it, but it's not actually what the spec
says to do.  Check out this thread:
http://markmail.org/message/apniux5s3iio7fln.

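As an added illustration of the timestamp-plus-nonce check the thread is arguing about (this is example code written for this page, not code from the OAuth project or either poster): the server accepts a request only if its timestamp lies within the tolerated clock skew and the (consumer key, token, timestamp, nonce) tuple has not been seen before. Because a nonce only has to be remembered until its own timestamp falls outside the skew window, the store stays bounded at roughly one window's worth of traffic, which is the "limited size and life" point made above. On failure it builds an error body in the style of the OAuth problem reporting extension (`oauth_problem=timestamp_refused` with `oauth_acceptable_timestamps=min-max`, or `oauth_problem=nonce_used`), which is what lets a client correct its clock instead of the server widening its window. The class name `NonceCache`, the `check()` signature and the injectable `clock` are assumptions of this example.

```python
import time
from collections import deque
from urllib.parse import urlencode

MAX_SKEW = 60  # seconds of clock skew tolerated; the replay window is 2 * MAX_SKEW


class NonceCache:
    """Replay check for OAuth 1.0-style signed requests (example, not the spec's reference code).

    A nonce must be unique per (consumer key, token, timestamp). An entry is kept only until
    its timestamp can no longer be accepted, so memory is bounded by the window, not by uptime.
    """

    def __init__(self, max_skew=MAX_SKEW, clock=time.time):
        self.max_skew = max_skew
        self.clock = clock            # injectable for testing; defaults to wall clock
        self._seen = {}               # (consumer_key, token, timestamp, nonce) -> expiry
        self._order = deque()         # FIFO of (expiry, key); timestamps are bounded so it is near-sorted

    def _evict(self, now):
        # Drop entries whose timestamp is already outside the acceptance window:
        # a replay with that timestamp would be refused on the timestamp check alone.
        while self._order and self._order[0][0] < now:
            _, key = self._order.popleft()
            self._seen.pop(key, None)

    def check(self, consumer_key, token, timestamp, nonce):
        """Return (accepted, problem, server_time).

        problem is None on success, otherwise "timestamp_refused" or "nonce_used".
        """
        now = int(self.clock())
        self._evict(now)
        # 1. Timestamp must be within +/- max_skew of the server clock.
        if abs(timestamp - now) > self.max_skew:
            return False, "timestamp_refused", now
        # 2. Nonce must not have been used with this consumer/token/timestamp.
        key = (consumer_key, token, timestamp, nonce)
        if key in self._seen:
            return False, "nonce_used", now
        # Remember it until this timestamp can no longer pass step 1.
        expiry = timestamp + self.max_skew
        self._seen[key] = expiry
        self._order.append((expiry, key))
        return True, None, now

    def size(self):
        return len(self._seen)


def problem_report(problem, server_time, max_skew=MAX_SKEW):
    """Build the error body a server would return, in the problem reporting extension's format."""
    params = {"oauth_problem": problem}
    if problem == "timestamp_refused":
        # Tell the client the range it must hit so it can adjust to the server's clock.
        params["oauth_acceptable_timestamps"] = f"{server_time - max_skew}-{server_time + max_skew}"
    return urlencode(params)


if __name__ == "__main__":
    # Constructed walk-through with a fake clock so it runs offline.
    fake = [1000]
    cache = NonceCache(max_skew=60, clock=lambda: fake[0])
    print(cache.check("ck", "tok", 1000, "n1"))   # accepted
    print(cache.check("ck", "tok", 1000, "n1"))   # replay inside window: nonce_used
    fake[0] = 1061
    ok, problem, now = cache.check("ck", "tok", 1000, "n1")
    print(problem, problem_report(problem, now, 60))   # timestamp_refused with acceptable range
    print("entries remembered:", cache.size())         # 0: the old nonce has been evicted
```

The eviction boundary matters: an entry is dropped only once `now` is strictly past `timestamp + max_skew`, the last instant at which the timestamp check would still accept it, so there is no gap in which a replay slips through. A second server cannot see this in-memory store, which is the synchronous-versus-asynchronous replication problem the reply points at; the bounded lifetime at least keeps the amount of state that would have to be replicated small.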