A monotonically increasing timestamp is not even possible in almost perfect conditions. We were hitting our servers using JMeter running on 2 boxes in the same data center and all our machines are synced with NTP. Just flipping through a few pages of the log, I saw a case where timestamps are out of order.

Zhihong

On Apr 16, 2:06 am, Manish Pandit <[email protected]> wrote:
> On Apr 15, 10:54 pm, Mike Malone <[email protected]> wrote:
>
> > Depending on your use case that may work, but in practice I think loosening
> > up the constraint requiring timestamps to be monotonically increasing makes
> > sense. Sometimes it is convenient to generate URIs for later use, and other
> > requests may be executed between the time such URIs are created and the time
> > a request is made to the URI.
>
> > Also, if you have a consumer key that is used across many devices (e.g., a
> > desktop or mobile app, or a web app with multiple servers) there could be
> > any number of reasons why request A may arrive after request B despite being
> > signed earlier (e.g., clock drift or shoddy internet connectivity).
>
> > So I'd say that strictly enforcing the timestamp constraint will probably be
> > a problem... and since the nonce optimization you described relies on
> > enforcement of the timestamp constraint I think it may not work in practice.
>
> > Mike
>
> Ouch..totally forgot about the desktop/mobile clients where a lot of
> requests could come in with the same consumer key..thanks so much!
>
> -cheers,
> Manish
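
The trade-off discussed in this thread, as an added example that is not part of any message above: a strict checker that keeps only the newest timestamp per consumer key rejects a legitimate request that arrives out of order, while a windowed checker accepts it and still rejects the replay. The class names, the 300-second window and the sample requests are assumptions made for illustration.

```python
# Added example: sample requests are constructed, not taken from the thread.
class StrictChecker:
    """Assumed strict scheme: remember only the newest timestamp per consumer key."""

    def __init__(self):
        self.state = {}  # consumer_key -> (last_ts, nonces seen at last_ts)

    def accept(self, key, ts, nonce):
        last_ts, nonces = self.state.get(key, (-1, set()))
        if ts < last_ts or (ts == last_ts and nonce in nonces):
            return False  # older timestamp, or nonce reuse at the newest one
        if ts > last_ts:
            nonces = set()  # older nonces can be dropped: that is the optimization
        nonces.add(nonce)
        self.state[key] = (ts, nonces)
        return True


class WindowChecker:
    """Loosened scheme (assumption): accept any timestamp within +/- window seconds
    of server time and remember every (key, timestamp, nonce) inside that window."""

    def __init__(self, window=300):
        self.window = window
        self.seen = {}  # (key, ts, nonce) -> ts

    def accept(self, key, ts, nonce, now):
        if abs(now - ts) > self.window:
            return False  # too old or too far in the future
        cutoff = now - self.window
        # Entries older than the cutoff can never pass the check above again.
        self.seen = {k: t for k, t in self.seen.items() if t >= cutoff}
        if (key, ts, nonce) in self.seen:
            return False  # replay
        self.seen[(key, ts, nonce)] = ts
        return True


# Constructed arrival order: B (signed at 1001) overtakes A (signed at 1000),
# then A is replayed.
REQUESTS = [("app", 1001, "n-b"), ("app", 1000, "n-a"), ("app", 1000, "n-a")]


def demo(now=1002):
    strict, window = StrictChecker(), WindowChecker()
    return ([strict.accept(*r) for r in REQUESTS],
            [window.accept(*r, now=now) for r in REQUESTS])
```

The windowed checker pays for its tolerance with storage: it must hold every nonce seen inside the window instead of only those at the newest timestamp.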
