Comments on: Amazon web services signature vulnerability

By: Nate Lawson

Nate Lawson — Sat, 18 Jul 2009 18:50:27 +0000

SK, for client cert auth, you have to distribute the private key (PEM file) to all the clients. Or, you have to provide a tool to the clients to generate their own keys. Either way, it’s not well-integrated with the stock OS. Does Apple’s keychain utility automatically generate client certs/keys?

By: SK

SK — Fri, 17 Jul 2009 22:38:05 +0000

Nate – I couldn’t hit ‘reply’ next to your comment so I’m asking here. I’m not sure I understand how client certs involve distributing a blob to your clients. Dont you mean distributing a blob to your servers? Essentially the server should check whether the client cert matches the cert the client gave you through some out of band mechanism (like uploading through a site).

By: Nolan

Nolan — Mon, 01 Jun 2009 23:44:55 +0000

Oh, I absolutely agree with your point, and I use https for all my interactions with AWS.

I was merely compulsively correcting minor misinformation.

By: Nate Lawson

Nate Lawson — Mon, 01 Jun 2009 20:56:12 +0000

I appreciate you explaining more, but I still don’t see the need for the distinction you’re making between endpoints and application. However, I can come up with an artificial scenario which should be helpful for discussion.

Consider a client, middle-man, and server. The client wants to authenticate its requests to the server while sending them through the untrusted middle-man. The middle-man should not be able to masquerade as the client and generate its own requests. Obviously, SSL does not provide this protection.

But instead of rushing to implement a separate authenticated message layer, why not reconsider the architecture that creates an untrusted middle-man? In nearly all cases, this is due to an attempt to work around a broken architecture by adding custom crypto. Now you have two problems!

I have seen very few cases where this was actually necessary and in those cases, a high-level API, such as Keyczar, or using an OS subsystem, such as disk encryption, were the right answers.

By: PB

PB — Wed, 27 May 2009 06:51:31 +0000

Nate, I agree that SSL is useful "protect URLs and data, giving privacy, integrity protection". However, I would clarify that SSL provides those features in an application agnostic way. An application doesn’t need to know anything about what SSL is doing. This is a good thing ™. However, if client certificates are not viable and an application needs some degree of message level security (authenticating messages for example), we may have to look elsewhere. That was the main point of my earlier comments. In my opinion, without certificates the protections afforded to us by SSL don’t address all of the requirements (most, but not all). In my view SSL provides protection at the transport level, not the message level. Yes, the messages within the SSL stream have those protections, but that is from the context of the *SSL endpoints*, not the *application*. HMAC is an option that can authenticate messages from the context of the application. Like you mentioned in your original post, you’d definitely need to rely on SSL to protect the data stream.

By: Nate Lawson

Nate Lawson — Fri, 22 May 2009 17:12:26 +0000

Explain how idempotency saves you here:

ADD_USER(“nate”)
DELETE_USER(“nate”)
ADD_USER(“nate”)