OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

regrep message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [regrep] [RS Issue] HTTP connection taking longer than TTL

Matthew MacKenzie wrote:

> Farrukh,
> I haven't hashed out a solution as of yet, but I was thinking along 
> the lines of adding  optional mutually authenticated SSL to the 
> Federation protocol.  This way, all members of a federation would be 
> trusted by virtue of their connections to each and other being 
> encrypted using keys that are trusted.  Some kind of self signed 
> certificate exchange like is done in ebMS might just allow us to cut 
> down some of the processing and comm (SSL/TLS can also do some 
> compression) overhead.

Good point.

SSL based communication between Registry Client and Registry is already 
specified in section 10.3.1. I assume most registry-to-registry 
communication *WILL* be over SSL. Does that address the issue?

> As for ways to change http timeout...that is tricky in anything other 
> than a controlled network environment -- think proxies and such.
> -Matt
> Farrukh Najmi wrote:
>> Matt,
>> Did you have a solution for this potential problem?
>> Can TTL be configured for a web server or web client?
>> What options do we have?
>> What changes would you suggest for the spec?
>> Line 32 69:
>> "So queries are routed to n registry instances, and responses are 
>> returned to the requesting registry node, signed.  The requesting 
>> registry node is expected to verify all signatures then re-sign the 
>> response?  I can see cases where this could take longer that the HTTP 
>> connection TTL."
>> Thanks.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]