2011/3/1 Eric Day <[email protected]>: > Signature based auth such as EC2 should also always require > a secure channel too, but if not attacks are less severe since they > are limited to reply attacks only (the request and parameters are used > as part of the signature).
Just a note: The request also includes a timestamp and an expiration field, so replay attacks are only possible within a certain (user-defined) timeframe. -- Soren Hansen Ubuntu Developer http://www.ubuntu.com/ OpenStack Developer http://www.openstack.org/ _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
