Hacker News new | ask | show | jobs
by johnpaulett 5380 days ago
From the FAQ [1]:

    What about handling secure (https) connections?
    We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com). 

    Amazon Silk will facilitate a direct connection between your device and that site.  Any security provided by these particular sites to their users would still exist.
[1]: http://www.amazon.com/gp/help/customer/display.html//ref=amb...
2 comments
raganwald 5380 days ago
I’d like to hear more about what “facilitate” means.

Is the connection from the device right through EC2 out to the site secure, even from Amazon?

Or, is the connection from the device to Amazon secure, and the connection from Amazon to the site secure, but Amazon is acting as a man-in-the-middle?

Or, is the connection from the device to Amazon insecure, Amazon is acting as a man-in-the-middle, but the connection from Amazon to the site is secure?

I may be having a slow neuron day, but the wording of the FAQ doesn’t seem to definitively state which of these three cases holds?

link
johnpaulett 5380 days ago
It sounds like Amazon is a effectively a man-in-the-middle.

Hopefully the device-to-Amazon connection is secured by Amazon, but I can not find any details.

The privacy implications of all SSL traffic being decrypted on AWS are a bit scary.

I am guessing the end user will never see broken SSL certificate warnings (as you would expect in a regular browser), since Amazon can add a "Amazon MITM" root CA certificate to the browser.

link
srdev 5380 days ago
If Amazon does, in fact, act as a MITM, then that's a deal-breaker as far as I'm concerned.

Edit: The more I think about it, the more I think it is likely that they are just passing along the connection. SSL is designed to prevent MITM attacks. They would have to provide their own certificate which would cause browser warnings. They could write their browser to ignore certificate problems for Amazon certificates, but that strikes me as a pretty gaping hole.

link
raganwald 5380 days ago
What you say is very true, however when you say that SSL prevents MITM attacks, you are assuming that “their browser” always lives entirely within the device.

If their browser has code operating on the device and in the cloud, then their browser won't generate certificate warnings because there isn’t a man-in-the-middle between their browser and the site, there’s a man-in-the-middle between the device in your hands and the site.

It would be insecure against Amazon snooping or modifying the communication, but still generate the appropriate warnings about bad certificates.

I think the answer is, run “off-cloud” when you want privacy from Amazon.

link
srdev 5380 days ago
Yes, I hadn't considered that possibility. The picture in my mind was some sort of hybrid operation where some of the work was offloaded, in which case you would still have to properly support device-to-site SSL links.

So I guess the issue of privacy still remains up in the air. I was hoping to be an early adopter of this, but I think I'll wait to see how the SSL via Silk situation pans out before putting down cash.

link
mikeash 5380 days ago
They're providing their own browser, so there's nothing that says this technique would have to trigger browser warnings.

It could easily work by having the connection between EC2 and the remote site be managed over SSL normally. EC2 then rejiggers the traffic, encrypts it over SSL with Amazon's certificate to send it to the device, and includes a little blob of data saying, "we got this from site X, whose certificate is Y". Amazon's browser could verify that but trust EC2 not to screw with the data. End result: no warnings, and your data is safe from everyone except Amazon. Which is not great, but neither is it hugely insecure.

link
macrael 5380 days ago
It sounds like they are using SPDY for the connection between the device and the cloud, so I believe that means that your connection to the Amazon server is secure. My reading is that Amazon will be able to see the secure traffic so that it can render it cloud side just like any other traffic. But the FAQ blurb is not a definitive answer.
link
joshfraser 5380 days ago
My guess is everything is secure, but they are terminating the SSL connection, using a private cert to talk to the clients, and then passing along the information about the original cert. If they didn't do that, they wouldn't be able to optimize much since they couldn't read the content. They would also need a private IP address for every user (impractical), because the HTTP headers get encrypted as well and Amazon wouldn't know where to direct incoming traffic w/o using unique IPs.
link
davnola 5380 days ago
Good question, but the T&Cs do state you can operate in "off-cloud" direct site-access mode http://amzn.to/qHBhqP
link
notatoad 5380 days ago
a direct connection doesn't have a man in the middle. that's what direct means. amazon notices you're requesting an https connection and hops out of the way.
link
qjz 5380 days ago
Both sentences in that FAQ answer are in direct opposition to each other and require clarification. But that hardly matters if Amazon has access to the browser's internals, anyway.
link
mike-cardwell 5380 days ago
"We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com)."

So they are MITM'ing HTTPS connections.

"Amazon Silk will facilitate a direct connection between your device and that site. Any security provided by these particular sites to their users would still exist."

So they aren't MITM'ing HTTPS connections.

What the hell? Which is it?

link