Aaron Parecki · Nov 5, 2013 · 4:39 AM UTC

Aaron Parecki

Aaron Parecki @aaronpk

5 Nov 2013

Hello Internet friends! What is the latest hotness in signed HTTP requests? Looking for a) easy to understand from... aaron.pk/n4St1

Hello Internet friends! What is the latest hotness in signed ...

Hello Internet friends! What is the latest hotness in signed HTTP requests? Looking for a) easy to understand from both client and server perspectives, and b) easy to implement in multiple languages...

aaronparecki.com

peat · Nov 5, 2013 · 4:41 AM UTC

peat @peat

5 Nov 2013

@aaronpk Doesn't SHA HMAC fit the bill? Depends on a shared secret, otherwise, pretty groovy.

Aaron Parecki · Nov 5, 2013 · 4:48 AM UTC

Aaron Parecki · Nov 5, 2013 · 4:48 AM UTC

Aaron Parecki @aaronpk

5 Nov 2013

Replying to @peat

@peat Yeah that seems to be the general consensus, but still leaves questions like which headers to sign, is the... aaron.pk/r4St6

Nov 5, 2013 · 4:48 AM UTC

peat · Nov 5, 2013 · 5:56 AM UTC

peat @peat

5 Nov 2013

Replying to @aaronpk

@aaronpk I suppose it depends on what you're protecting against, what's consistent in the environment, and what costs are associated.

peat · Nov 5, 2013 · 5:56 AM UTC

peat @peat

5 Nov 2013

Replying to @aaronpk

@aaronpk ... Which is to say, I guess I'm skeptical of a magic bullet signing system. :D