[raganwald]

I’d like to hear more about what “facilitate” means.

Is the connection from the device right through EC2 out to the site secure, even from Amazon?

Or, is the connection from the device to Amazon secure, and the connection from Amazon to the site secure, but Amazon is acting as a man-in-the-middle?

Or, is the connection from the device to Amazon insecure, Amazon is acting as a man-in-the-middle, but the connection from Amazon to the site is secure?

I may be having a slow neuron day, but the wording of the FAQ doesn’t seem to definitively state which of these three cases holds?

[johnpaulett]

It sounds like Amazon is a effectively a man-in-the-middle.

Hopefully the device-to-Amazon connection is secured by Amazon, but I can not find any details.

The privacy implications of all SSL traffic being decrypted on AWS are a bit scary.

I am guessing the end user will never see broken SSL certificate warnings (as you would expect in a regular browser), since Amazon can add a "Amazon MITM" root CA certificate to the browser.

[srdev]

If Amazon does, in fact, act as a MITM, then that's a deal-breaker as far as I'm concerned.

Edit: The more I think about it, the more I think it is likely that they are just passing along the connection. SSL is designed to prevent MITM attacks. They would have to provide their own certificate which would cause browser warnings. They could write their browser to ignore certificate problems for Amazon certificates, but that strikes me as a pretty gaping hole.

[raganwald]

What you say is very true, however when you say that SSL prevents MITM attacks, you are assuming that “their browser” always lives entirely within the device.

If their browser has code operating on the device and in the cloud, then their browser won't generate certificate warnings because there isn’t a man-in-the-middle between their browser and the site, there’s a man-in-the-middle between the device in your hands and the site.

It would be insecure against Amazon snooping or modifying the communication, but still generate the appropriate warnings about bad certificates.

I think the answer is, run “off-cloud” when you want privacy from Amazon.

[srdev]

Yes, I hadn't considered that possibility. The picture in my mind was some sort of hybrid operation where some of the work was offloaded, in which case you would still have to properly support device-to-site SSL links.

So I guess the issue of privacy still remains up in the air. I was hoping to be an early adopter of this, but I think I'll wait to see how the SSL via Silk situation pans out before putting down cash.

[mikeash]

They're providing their own browser, so there's nothing that says this technique would have to trigger browser warnings.

It could easily work by having the connection between EC2 and the remote site be managed over SSL normally. EC2 then rejiggers the traffic, encrypts it over SSL with Amazon's certificate to send it to the device, and includes a little blob of data saying, "we got this from site X, whose certificate is Y". Amazon's browser could verify that but trust EC2 not to screw with the data. End result: no warnings, and your data is safe from everyone except Amazon. Which is not great, but neither is it hugely insecure.

[macrael]

It sounds like they are using SPDY for the connection between the device and the cloud, so I believe that means that your connection to the Amazon server is secure. My reading is that Amazon will be able to see the secure traffic so that it can render it cloud side just like any other traffic. But the FAQ blurb is not a definitive answer.

[joshfraser]

My guess is everything is secure, but they are terminating the SSL connection, using a private cert to talk to the clients, and then passing along the information about the original cert. If they didn't do that, they wouldn't be able to optimize much since they couldn't read the content. They would also need a private IP address for every user (impractical), because the HTTP headers get encrypted as well and Amazon wouldn't know where to direct incoming traffic w/o using unique IPs.

[davnola]

Good question, but the T&Cs do state you can operate in "off-cloud" direct site-access mode http://amzn.to/qHBhqP

[notatoad]

a direct connection doesn't have a man in the middle. that's what direct means. amazon notices you're requesting an https connection and hops out of the way.

[qjz]

Both sentences in that FAQ answer are in direct opposition to each other and require clarification. But that hardly matters if Amazon has access to the browser's internals, anyway.