> a secure channel too, but if not attacks are less severe since they > are limited to reply attacks only (the request and parameters are used > as part of the signature). We can easily support both (and others), > but we need to understand the needs and constraints of each.
HMAC is sort of appealing for Swift, since it'd let people choose to use HTTP instead of HTTPS for data that's not sensitive. -- Mike _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
