SSL wouldn't protect against this as we're not sniffing but measuring the time it takes for each attempt.
P On Fri, Aug 14, 2009 at 4:56 PM, Chasen Le Hara<[email protected]> wrote: > > On Aug 14, 1:19 pm, Pelle Braendgaard <[email protected]> wrote: >> I think the only affected implementation is the plain text signature, >> which I really never thought should have been part of the standard in >> the first place. Does anyone actually use that? > > Are there any issues with using plain text signatures in conjunction > with SSL? Or, are there any reasons to use a non-plaintext signature > when SSL is always used? > -Chasen > > > -- http://agree2.com - Reach Agreement! http://extraeagle.com - Solutions for the electronic Extra Legal world http://stakeventures.com - Bootstrapping blog --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
