openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #01129
Re: State of OpenStack Auth
2011/3/1 Eric Day <eday@xxxxxxxxxxxx>:
> Signature based auth such as EC2 should also always require
> a secure channel too, but if not attacks are less severe since they
> are limited to reply attacks only (the request and parameters are used
> as part of the signature).
Just a note: The request also includes a timestamp and an expiration
field, so replay attacks are only possible within a certain
(user-defined) timeframe.
--
Soren Hansen
Ubuntu Developer http://www.ubuntu.com/
OpenStack Developer http://www.openstack.org/
Follow ups
References