Why did Amazon Web Services choose a proprietary HMAC?

Showing 1-2 of 2 messages
Why did Amazon Web Services choose a proprietary HMAC? Andrei Neculau 10/9/12 4:09 AM
From: http://www.quora.com/Amazon-Web-Services/Why-did-Amazon-Web-Services-choose-a-proprietary-HMAC

#1 Why allow HTTP, rather than limiting to HTTPS ?

#2 And if they were to limit themselves to HTTPS, would they still create their proprietary HMAC, instead of OAuth or BasicAuth+SSL ?
Re: [api-craft] Why did Amazon Web Services choose a proprietary HMAC? Greg Brail 10/9/12 8:11 AM
I don't work there but:


#1 Why allow HTTP, rather than limiting to HTTPS ?

S3 (which was one of their very first APIs if not the first) lets you upload and download gigantic files and I presume that they figured the cost, quite a few years ago, of doing this with SSL would be prohibitive. 

#2 And if they were to limit themselves to HTTPS, would they still create their proprietary HMAC, instead of OAuth or BasicAuth+SSL ?


Their longest-lived APIs like S3 were in production a few years before OAuth was invented.


--
Gregory Brail  |  Technology  |  Apigee