undefined | Better HN

0 pointsvbezhenar9mo ago0 comments

Theoretically TCP packets have checksums, however it's fairly weak. So for HTTP, additional checksums make sense. Although I'm not sure, if there are any internal AWS S3 deployments working over HTTP and why would they complicate their protocol for everyone to help such a niche use case.

I'm sure that they have reasons for this whole request signature scheme over traditional "Authorization: Bearer $token" header, but I never understood it.

0 comments

easton9mo ago

AWS has a video about it somewhere, but in general, it’s because S3 was designed in a world where not all browsers/clients had HTTPS and it was a reasonably expensive operation to do the encryption (like, IE6 world). SigV4 (and its predecessors) are cheap and easy once you understand the code.

https://youtube.com/watch?v=tPr1AgGkvc4, about 10 minutes in I think.

formerly_proven9mo ago

Because a bearer token is a bearer token to do any request, while a pre-signed request allows you to hand out the capability to perform _only that specific request_.

degamad9mo ago

Bearer tokens have a defined scope, which could be used to limit functionality in a similar way to pre-signed requests.

However, the s3 pre-signed requests functionality was launched in 2011, but the Bearer token RFC 6750 wasn't standardised until 2012...

j / k navigate · click thread line to collapse