Added a comment

author: http://joeyh.name/ <http://joeyh.name/@web> 2013-01-15 20:25:42 +0000
committer: admin <admin@branchable.com> 2013-01-15 20:25:42 +0000
commit: 738bae92f34f23bf8e44a7d18928729c75ed8f12 (patch)
tree: ac6766b6644a9e624a43dfd5ffda5602542f8957 /doc
parent: af064b9f3ce9839b119f3641b0bd1541fa4beda1 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/forum/No_SSL_traffic_for_S3__63__/comment_1_f509bf273896180e6df8c771438dd093._comment b/doc/forum/No_SSL_traffic_for_S3__63__/comment_1_f509bf273896180e6df8c771438dd093._comment
new file mode 100644
index 000000000..808d4c035
--- /dev/null
+++ b/doc/forum/No_SSL_traffic_for_S3__63__/comment_1_f509bf273896180e6df8c771438dd093._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="4.154.7.238"
+ subject="comment 1"
+ date="2013-01-15T20:25:42Z"
+ content="""
+<http://hackage.haskell.org/package/hS3> is a Haskell library for S3, which git-annex uses. It does not support HTTPS. I'm sure its author would appreciate help, or maybe even just gentle motivation.
+
+FWIW, I think that S3's authorization is designed to be pretty secure even over an un-encrypted transport.
+It uses HMAC to sign the request with your AWS credentials securely, and includes a date that is hopefully used to avoid replay attacks.
+"""]]
author	http://joeyh.name/ <http://joeyh.name/@web>	2013-01-15 20:25:42 +0000
committer	admin <admin@branchable.com>	2013-01-15 20:25:42 +0000
commit	738bae92f34f23bf8e44a7d18928729c75ed8f12 (patch)
tree	ac6766b6644a9e624a43dfd5ffda5602542f8957 /doc
parent	af064b9f3ce9839b119f3641b0bd1541fa4beda1 (diff)