2011/3/1 Eric Day <e...@oddments.org>:
> Signature based auth such as EC2 should also always require
> a secure channel too, but if not, attacks are less severe since they
> are limited to replay attacks only (the request and parameters are used
> as part of the signature).

Just a note: The request also includes a timestamp and an expiration field, so replay attacks are only possible within a certain (user-defined) timeframe.

--
Soren Hansen
Ubuntu Developer http://www.ubuntu.com/
OpenStack Developer http://www.openstack.org/
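
The point made in this exchange, as an added example that is not part of the original messages and is not EC2's or OpenStack's code: a simplified HMAC request-signing scheme in which the expiration field is covered by the signature, so a captured request verifies only until it expires. The parameter names `Timestamp`, `Expires` and `Signature`, the `MAX_SKEW` value, the host name and the secret are assumptions made for the illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

MAX_SKEW = 300  # assumed: seconds a Timestamp may lie in the future

def canonical(method, host, path, params):
    # Sort parameters so client and server sign identical bytes.
    query = "&".join(f"{quote(k, safe='')}={quote(str(v), safe='')}"
                     for k, v in sorted(params.items()))
    return "\n".join([method, host, path, query]).encode()

def sign(secret, method, host, path, params):
    mac = hmac.new(secret, canonical(method, host, path, params), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def verify(secret, method, host, path, params, now):
    """Return 'ok' or the reason for rejection. `now` is epoch seconds."""
    unsigned = {k: v for k, v in params.items() if k != "Signature"}
    expected = sign(secret, method, host, path, unsigned)
    # Check the signature first: Timestamp/Expires are untrusted until it passes.
    if not hmac.compare_digest(expected, params.get("Signature", "")):
        return "bad signature"
    try:
        ts, exp = int(unsigned["Timestamp"]), int(unsigned["Expires"])
    except (KeyError, ValueError):
        return "missing or malformed Timestamp/Expires"
    if ts > now + MAX_SKEW:
        return "timestamp in the future"
    if now > exp:
        return "expired"
    return "ok"

def demo():
    secret = b"constructed-demo-secret"  # constructed sample value
    t0 = 1_300_000_000                   # constructed request time
    params = {"Action": "DescribeInstances", "Timestamp": t0, "Expires": t0 + 60}
    params["Signature"] = sign(secret, "GET", "api.example.test", "/", params)
    args = (secret, "GET", "api.example.test", "/")
    tampered = dict(params, Action="TerminateInstances")
    stretched = dict(params, Expires=t0 + 3600)
    return {
        "fresh": verify(*args, params, now=t0 + 5),
        "replay_in_window": verify(*args, params, now=t0 + 30),
        "replay_after_expiry": verify(*args, params, now=t0 + 61),
        "tampered_action": verify(*args, tampered, now=t0 + 5),
        "stretched_expiry": verify(*args, stretched, now=t0 + 5),
    }

if __name__ == "__main__":
    print(demo())
```

The `replay_in_window` case still returns `ok`: the expiration field narrows the replay window but does not close it, which is why the secure channel is still recommended.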