Why did Amazon Web Services choose a proprietary HMAC?
98 views
Skip to first unread message
Andrei Neculau
Oct 9, 2012, 7:09:17 AM10/9/12
to api-...@googlegroups.com
From: http://www.quora.com/Amazon-Web-Services/Why-did-Amazon-Web-Services-choose-a-proprietary-HMAC
#1 Why allow HTTP, rather than limiting to HTTPS ?
#2 And if they were to limit themselves to HTTPS, would they still create their proprietary HMAC, instead of OAuth or BasicAuth+SSL ?
Greg Brail
Oct 9, 2012, 11:11:34 AM10/9/12
to api-...@googlegroups.com
I don't work there but:
--
Gregory Brail | Technology | Apigee
#1 Why allow HTTP, rather than limiting to HTTPS ?
S3 (which was one of their very first APIs if not the first) lets you upload and download gigantic files and I presume that they figured the cost, quite a few years ago, of doing this with SSL would be prohibitive.
#2 And if they were to limit themselves to HTTPS, would they still create their proprietary HMAC, instead of OAuth or BasicAuth+SSL ?
Their longest-lived APIs like S3 were in production a few years before OAuth was invented.
Gregory Brail | Technology | Apigee
Reply all
Reply to author
Forward
0 new messages