[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [regrep] [RS Issue] HTTP connection taking longer than TTL
Matthew MacKenzie wrote: > Farrukh, > > I haven't hashed out a solution as of yet, but I was thinking along > the lines of adding optional mutually authenticated SSL to the > Federation protocol. This way, all members of a federation would be > trusted by virtue of their connections to each and other being > encrypted using keys that are trusted. Some kind of self signed > certificate exchange like is done in ebMS might just allow us to cut > down some of the processing and comm (SSL/TLS can also do some > compression) overhead. Good point. SSL based communication between Registry Client and Registry is already specified in section 10.3.1. I assume most registry-to-registry communication *WILL* be over SSL. Does that address the issue? > > > As for ways to change http timeout...that is tricky in anything other > than a controlled network environment -- think proxies and such. > > -Matt > Farrukh Najmi wrote: > >> >> Matt, >> >> Did you have a solution for this potential problem? >> Can TTL be configured for a web server or web client? >> What options do we have? >> What changes would you suggest for the spec? >> >> Line 32 69: >> >> "So queries are routed to n registry instances, and responses are >> returned to the requesting registry node, signed. The requesting >> registry node is expected to verify all signatures then re-sign the >> response? I can see cases where this could take longer that the HTTP >> connection TTL." >> >> Thanks. >> > -- Regards, Farrukh
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]