1 files changed, 29 insertions, 0 deletions

diff --git a/doc/bugs/Forcing_https_for_Google_cloud_storage_remote__63__.mdwn b/doc/bugs/Forcing_https_for_Google_cloud_storage_remote__63__.mdwn
new file mode 100644
index 000000000..5b0eff50f
--- /dev/null
+++ b/doc/bugs/Forcing_https_for_Google_cloud_storage_remote__63__.mdwn
@@ -0,0 +1,29 @@
+### Please describe the problem.
+
+A special remote for Google cloud storage would appear to send the developer keys in the clear. 
+Obviously the content itself can be secured with the encryption but sending the auth keys in
+the clear permits anybody listening (i.e. at a public WiFi access point) to gain r/w access to
+the user's GCS store.
+
+### What steps will reproduce the problem?
+
+Setup a new special remote:
+
+    git annex initremote gcs type=S3 chunk=2MiB encryption=none host=storage.googleapis.com bucket=gitannex
+    ...
+    git move --to=gcs blah
+
+Capture packets. Watch the developer keys go by in the headers. And in this case, see the content too because there's no
+encryption turned on. But I believe that I know how to fix this. 
+
+I tried to persuade `git annex` to use a SSL connection but without encouraging results:
+
+    git annex initremote gcs type=S3 chunk=2MiB port=443 host=storage.googleapis.com bucket=gitannex
+    initremote gcs (checking bucket...) git-annex: ErrorClosed
+
+
+### What version of git-annex are you using? On what operating system?
+
+Debian wheezy, git-annex version: 5.20141024~bpo70+1
+
+### Please provide any additional information below.