In an effort to raise the level of encryption security for its cloud platform, Amazon Web Services has activated Perfect Forward Secrecy (PFS) for its CloudFront offerings.
Amazon CloudFront is a web content delivery platform, and alongside the PFS activation the company also brought major enhancements to its Secure Sockets Layer (SSL) connections. By turning Perfect Forward Secrecy on for CloudFront, Amazon Web Services is making sure that each session gets its own key, so that no two keys are the same and, should one of these encryption keys be compromised in the future, that key would be useless to third parties trying to decrypt past sessions.
The move by Amazon Web Services will prove especially helpful at a time when governments worldwide are working to collect private communications and Internet traffic for their surveillance operations. Perfect Forward Secrecy is the perfect (no pun intended) solution to this dilemma, which sent privacy advocates into protest.
Amazon Web Services follows in the footsteps of Google, Facebook, Twitter, and other large players in the Internet industry who have enabled Perfect Forward Secrecy on their services. Meanwhile, Microsoft and Yahoo have yet to turn the feature on for their services, which reports say could happen no later than this year.
Amazon Web Services has also implemented Session Tickets and OCSP Stapling in the company's SSL protocol, meaning that users no longer need to create code and configure the tool, since Amazon already did that task for them. OCSP Stapling spares clients from having to consult a certificate authority to validate a certificate. In other words, CloudFront verifies the domain name and certificate, caches the results, and delivers them in a packet during the SSL negotiation.
SSL Session Tickets also work to reduce the delay that arises when the SSL negotiation is set up: once the negotiation completes, the server produces a session ticket and sends it back to the user. When that user or client decides to resume a connection at some later time, the ticket can be presented to the server.
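One way to confirm all three features on an endpoint, shown as an added example that is not part of the original article or Amazon's own code: the Python below parses the text printed by `openssl s_client -status` and reports whether the negotiated cipher is forward secret, whether an OCSP response was stapled, and whether a session ticket was issued. Both transcripts are constructed samples, and the function names are chosen for this illustration.

```python
import re

# Constructed sample of `openssl s_client -status -connect host:443` output
# (trimmed; the ticket bytes and lifetime are made up for illustration).
SAMPLE_PFS = """\
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
---
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................
"""

# Constructed sample of an endpoint with none of the three features.
SAMPLE_LEGACY = """\
OCSP response: no response sent
---
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
"""

def forward_secret(cipher):
    """True when the suite name indicates an ephemeral Diffie-Hellman exchange."""
    # TLS 1.2 and earlier: OpenSSL names such suites ECDHE-*/DHE-* (older builds: EDH-*).
    # TLS 1.3 suites (TLS_*) use an ephemeral exchange in a full handshake.
    return cipher.startswith(("ECDHE-", "DHE-", "EDH-", "TLS_"))

def audit(s_client_output):
    """Report PFS, OCSP stapling and session-ticket status from one transcript."""
    m = re.search(r"^\s*Cipher\s*:\s*(\S+)", s_client_output, re.M)
    cipher = m.group(1) if m else ""
    return {
        "cipher": cipher,
        "forward_secrecy": forward_secret(cipher),
        "ocsp_stapled": "OCSP Response Status: successful" in s_client_output,
        "session_ticket": bool(re.search(r"^\s*TLS session ticket:", s_client_output, re.M)),
    }

if __name__ == "__main__":
    for name, text in (("pfs", SAMPLE_PFS), ("legacy", SAMPLE_LEGACY)):
        print(name, audit(text))
```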
These fresh features come free of charge for Amazon Web Services clients. In addition to making the workloads on the Amazon cloud platform secure, enterprises will also find it simple to deliver content using the platform.
This is a showcase of how easy it would be to make better security accessible for cloud users, and what used to be a complicated process for content delivery will now be a thing of the past.