openstack team mailing list archive

[Michael Barton <mike-launchpad@xxxxxxxxxxxxxxxx>]

> a secure channel too, but if not attacks are less severe since they
> are limited to reply attacks only (the request and parameters are used
> as part of the signature). We can easily support both (and others),
> but we need to understand the needs and constraints of each.

HMAC is sort of appealing for Swift, since it'd let people choose to
use HTTP instead of HTTPS for data that's not sensitive.

-- Mike