A single client could generate multiple requests simultaneously, and have them show up out of order.
Allen

On 3/24/10 10:06 PM, "Brian Eaton" <[email protected]> wrote:

> On Wed, Mar 24, 2010 at 9:46 PM, Luke Shepard <[email protected]> wrote:
>> This is probably a stupid question, but why do we need accurate timestamps?
>> Why is it not sufficient to use a monotonically increasing call_id to
>> prevent replay attacks? (this is how the Facebook sig algorithm works)
>
> Monotonically increasing counters don't scale well in distributed
> systems. It is rapidly changing state that needs to be synchronously
> replicated across lots of clients and servers.

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
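The out-of-order problem raised in this thread, as an added example that is not part of the original messages: a strict per-client counter check rejects a legitimate request that arrives late, while a timestamp window with a nonce cache accepts it and still rejects the replay. The class names, the 300-second window, the pairing of a nonce with the timestamp, and the sample traffic are assumptions made for illustration.

```python
# Added illustration; class names, the 300 s window and the nonce are assumptions.

class CounterChecker:
    """Accept a request only if its call_id exceeds the last one seen."""
    def __init__(self):
        self.last = {}                       # client -> highest call_id accepted

    def accept(self, client, call_id):
        if call_id <= self.last.get(client, 0):
            return False                     # replay OR merely late arrival
        self.last[client] = call_id
        return True

class TimestampNonceChecker:
    """Accept if the timestamp is within the window and the nonce is unused."""
    def __init__(self, window=300):
        self.window = window
        self.seen = {}                       # (client, nonce) -> timestamp

    def accept(self, client, timestamp, nonce, now):
        # Nonces older than the window can be dropped: the timestamp check
        # alone rejects any replay of them.
        self.seen = {k: ts for k, ts in self.seen.items()
                     if now - ts <= self.window}
        if abs(now - timestamp) > self.window:
            return False
        if (client, nonce) in self.seen:
            return False
        self.seen[(client, nonce)] = timestamp
        return True

def run_demo():
    # Constructed traffic: one client sends requests 1, 2, 3 concurrently;
    # the network delivers them as 1, 3, 2, then request 3 is replayed.
    arrivals = [1, 3, 2, 3]
    counter = CounterChecker()
    by_counter = [counter.accept("client-a", n) for n in arrivals]

    now = 1_269_493_560                      # constructed server clock (seconds)
    ts_check = TimestampNonceChecker()
    by_timestamp = [ts_check.accept("client-a", now - 1, f"nonce-{n}", now)
                    for n in arrivals]
    stale = ts_check.accept("client-a", now - 3600, "nonce-9", now)
    return by_counter, by_timestamp, stale

if __name__ == "__main__":
    print(run_demo())
```
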
