TO BE CLEAR: I'm NOT looking to write my own protocol, or my own client-side implementation. I'm looking for an EXISTING protocol, part of the HTTP standards, that is generally ALREADY supported by common browsers. (Such a thing may not exist.)
I have an HTTP application that needs some protection from man-in-the-middle threats. (The server needs to be able to prove the authenticity of its responses to the client.) Encryption is irrelevant and unnecessary. Also, the hardware budget is pretty small, given the expected hit rate.
Normally, I'd just get a cheap certificate and enable SSL on the web server, but a load-generator killed both Apache and Nginx (and I don't expect any other web servers to be do any better). For non-HTTP service, the load is fine. I also tried configuring the HTTPS server to negotiate a null encryption cipher. That helped a little, but the SSL handshake is still too heavy.
A simple SHA-1 signature (generated by the server) over the response document, verified by the client, would suit me just fine. I wrote a simple Python FastCGI script and HTTP client to test just the bare SHA-1 operation--it adds some load, but not much, not even close to what SSL with null encryption adds. In practice, though, my clients won't be Python scripts, they'll be web browsers.
(AGAIN, TO BE CLEAR: I'm not proposing my own crypto protocol, the Python script was just a test of how much load the SHA-1 hash generates, by itself, versus the rest of the SSL negotiation. I cannot use a custom client-side implementation, because I have no way of installing it for all of the client browsers.)
So: Are there any EXISTING lightweight (compared to SSL) server authentication protocols for HTTP?
