[Openstack] State of OpenStack Auth

Soren Hansen soren at ubuntu.com
Tue Mar 1 20:47:00 UTC 2011

2011/3/1 Eric Day <eday at oddments.org>:
> Signature based auth such as EC2 should also always require
> a secure channel too, but if not attacks are less severe since they
> are limited to reply attacks only (the request and parameters are used
> as part of the signature).

Just a note: The request also includes a timestamp and an expiration
field, so replay attacks are only possible within a certain
(user-defined) timeframe.

Soren Hansen
Ubuntu Developer    http://www.ubuntu.com/
OpenStack Developer http://www.openstack.org/

More information about the Openstack mailing list