Re: [OAUTH-WG] New Version Notification for draft-fett-oauth-dpop-03.txt

2019-11-15 Thread Paul Querna
Echoing Neil's concerns, I posted this to the issue tracker: https://github.com/danielfett/draft-dpop/issues/56 I've been talking to several large-scale API operators about DPoP. A consistent concern is the CPU cost of doing an asymmetric key validation on every HTTP Request at the RS. Micro-ben

Re: [OAUTH-WG] New OAuth DPoP and Security BCP drafts

2019-08-12 Thread Paul Querna
I've updated the dpop in go implementation to -02: https://github.com/pquerna/dpop Compared to implementing -01, because the same proof is used against the token requests and resource server access, it did generally simplify the implementation risk and complexity. Getting the private key fingerpr

[OAUTH-WG] draft-fett-oauth-dpop-01 implementation feedback

2019-05-01 Thread Paul Querna
Hi all, I recently built a prototype of DPoP using Go, and wanted to provide some feedback as I went about the implementation. The implementation is open source: https://github.com/pquerna/dpop Overall the spec felt functional, though I think the biggest gaps for a deployment are with the Access