
Colin, I chose the wording for this title, not Nate, but you should know this is _Practical Cryptography_, page 108, graf 5, leading to "Design Rule 4, The Horton Principle". I don't think you're going to win this argument.

What you call "disingenuous", I call a "more complete consideration of the AWS security system". Even though I think you're aware of Nate's background, I'll assume good faith and just remind you that when you're reviewing protocols professionally, things like "messages are replayable and the protocol is only secure when run over TLS" get called out.



If the application layer cares about replays, sure. But in well-designed distributed systems, the application layer doesn't care about replays, because replays are the only way to ensure that operations succeed given node failures.
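The two positions above (a signed message that verifies again whenever it is captured and resent, versus an application layer that is built so that a replay is harmless) are easy to see side by side in code. The following is an added example written for this thread, not code from the commenters or from Amazon's request-signing scheme: the canonical string layout, the `x-demo-date` and `x-demo-nonce` headers, the 300-second freshness window and the shared secret are all constructed for the demonstration. It signs one request with an HMAC, then feeds the identical request to three servers: a stateless verifier (MAC only, so the replay is accepted), a replay-aware verifier (MAC plus timestamp window plus nonce cache, so the replay is rejected), and an idempotent PUT-style store where the replay verifies but changes nothing, which is the property the second comment relies on.

```python
import hashlib
import hmac
import time

# Constructed demo secret, not a real credential.
SECRET = b"constructed-demo-shared-secret"
MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed window)


def string_to_sign(req):
    """Canonical form the MAC covers. Assumed layout for this example;
    the headers are included so that nonce and date are bound to the signature."""
    headers = req["headers"]
    extra = "\n".join(f"{k}:{headers[k]}" for k in sorted(headers))
    return f'{req["method"]}\n{req["path"]}\n{extra}\n{req["body"]}'.encode()


def sign(req, secret=SECRET):
    return hmac.new(secret, string_to_sign(req), hashlib.sha256).hexdigest()


def mac_valid(req, secret=SECRET):
    return hmac.compare_digest(sign(req, secret), req["sig"])


def make_request(method, path, body, ts, nonce):
    req = {"method": method, "path": path, "body": body,
           "headers": {"x-demo-date": str(ts), "x-demo-nonce": nonce}}
    req["sig"] = sign(req)
    return req


class StatelessVerifier:
    """Checks only the MAC: a captured request verifies again indefinitely."""

    def accept(self, req, now=None):
        return mac_valid(req)


class ReplayAwareVerifier:
    """MAC plus freshness window plus nonce cache: the second delivery is rejected."""

    def __init__(self):
        self.seen = {}  # nonce -> timestamp it was first accepted at

    def accept(self, req, now=None):
        now = time.time() if now is None else now
        if not mac_valid(req):
            return False
        ts = int(req["headers"]["x-demo-date"])
        nonce = req["headers"]["x-demo-nonce"]
        if abs(now - ts) > MAX_SKEW:
            return False  # stale or far-future: outside the window
        # Forget nonces that can no longer be replayed within the window.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if nonce in self.seen:
            return False  # same nonce inside the window: replay
        self.seen[nonce] = ts
        return True


class IdempotentStore:
    """Alternative: make the operation itself safe to repeat (PUT semantics),
    so a replay is authenticated, accepted, and changes nothing."""

    def __init__(self):
        self.objects = {}
        self.writes = 0

    def apply(self, req):
        if not mac_valid(req):
            return False
        if self.objects.get(req["path"]) != req["body"]:
            self.objects[req["path"]] = req["body"]
            self.writes += 1
        return True


def demo(now=1_700_000_000):
    """Deliver one signed request, then replay it and tamper with it."""
    req = make_request("PUT", "/bucket/key", "hello", now, "nonce-1")
    stateless, aware, store = StatelessVerifier(), ReplayAwareVerifier(), IdempotentStore()
    first = (stateless.accept(req, now), aware.accept(req, now), store.apply(req))
    replay = (stateless.accept(req, now + 10), aware.accept(req, now + 10), store.apply(req))
    stale = aware.accept(make_request("PUT", "/bucket/key", "hello", now - 1000, "nonce-2"), now)
    tampered = dict(req, body="changed")  # body altered, signature kept
    return {"first": first, "replay": replay, "writes": store.writes,
            "stale": stale, "tampered": mac_valid(tampered)}


if __name__ == "__main__":
    print(demo())
```

The nonce cache is what "replay protection" costs a service: per-client state with an expiry, which is exactly the layer the thread's last comment argues should come from TLS rather than be reinvented. The idempotent store shows the other way out: if every operation is a full overwrite, a replayed request is indistinguishable from a retry after a node failure, so nothing needs to remember it.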


Isn't that a bit much to be throwing onto the shoulders of the application developer? At the very least I'd expect it to be explicitly documented that the possibility of replays by untrusted parties needs to be considered. I know you took it into account, but I doubt you have very much company.


At the very least I'd expect it to be explicitly documented that the possibility of replays by untrusted parties needs to be considered.

Hmm, good point. The AWS documentation has never been very explicit about these sorts of issues -- I'll email a few people at Amazon and suggest that they improve this.


Yes, this is moving toward what I was trying to say. Sorry if that wasn't clear. But I think the answer is not more documentation but handling this for the developer at a lower layer. And instead of Amazon implementing this lower layer themselves, use existing protocols like SSL.

With the exception of identity, SSL provides all the integrity protection, ordering, uniqueness, and even privacy that a developer could want. If you're willing to use client certs or SRP or basic auth, then you have identity covered too.

Amazon is exactly right in recommending SSL primarily. I just think they should stop there and not add "but if you have SSL performance problems, use AWS-Auth".



