by flog 5366 days ago
Well, it's another link in the security chain.

You would be negligent not to implement this if you're storing sensitive data on AWS. No?

2 comments

As I understand it, the encryption adds both latency and more points of failure to S3 (keys stored on separate servers). How is adding both of those negligent?

From a security point of view the encryption adds no value at all: Either I trust Amazon to not look at my data, or I don't trust them. If I don't trust them with my data, surely I also can't trust them with my encryption keys.

I've already got this implemented by using duplicity for backing up to S3. All my data is securely stored using GnuPG and encrypted on upload.