This provides powerful anonymity on the wire; there is no customer ID or VPC ID there in plaintext. This has the effect of making traffic correlation and traffic analysis attacks many many orders of magnitude harder.
-
-
Lever encryption and VPC Encryption or Inter-Region Peering often happen at the same time, e.g. packets crossing between AZs or regions. That's two layers of no-configuration required pervasive cryptography.
Show this thread -
h/t to my colleague and Lever lead David Sinn for all that info!
Show this thread -
Now, none of this means that you should not use TLS or other encryption protocols in your own applications. Network Encryption is awesome, but does not provide anti-replay, or application-to-application authentication. These new protocols are designed to fill gaps.pic.twitter.com/uP9NXXz9sj
Show this thread -
Of course it's great too to have a built-in mechanism to protect legacy traffic that is not encrypted at all.
Show this thread -
These are first features I've ever worked on where is no API, nothing for you to do. This is all under the hood. There is no change to your experience running on AWS. Customers never see the encrypted traffic, we do the encryption and decryption for you.
Show this thread -
All of the encryption and decryption happens in hardware; and for VPC Encryption, it's custom silicon designed and built by Annapurna labs as part of our Nitro security system. That means we can all of this with no impact on performance. We've been in production for months!
Show this thread -
O.k. there you have it. VPC Encryption, Lever Link Encryption, Multi-Party key distribution, AES-256, no API or settings, just "on". AMA.
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.