|
|
|
|
|
|
by mikeash
5374 days ago
|
|
|
They're providing their own browser, so there's nothing that says this technique would have to trigger browser warnings. It could easily work by having the connection between EC2 and the remote site be managed over SSL normally. EC2 then rejiggers the traffic, encrypts it over SSL with Amazon's certificate to send it to the device, and includes a little blob of data saying, "we got this from site X, whose certificate is Y". Amazon's browser could verify that but trust EC2 not to screw with the data. End result: no warnings, and your data is safe from everyone except Amazon. Which is not great, but neither is it hugely insecure. |
|
|