aws-sdk-kotlin icon indicating copy to clipboard operation
aws-sdk-kotlin copied to clipboard

Published 20 hours ago verified publisher icon awslabs

Handle Clock Skew

Open kggilmer opened this issue 3 years ago • 9 comments

Some of the AWS SDK's (Java/C# for sure) handle local clock skew differences which can affect signing.

Something to keep in mind and look into. CRT may or may not already handle this IDK.

Some more context: https://aws.amazon.com/blogs/developer/clock-skew-correction/

internal id: 173288088

kggilmer avatar Mar 04 '21 01:03 kggilmer

Verified w/ CRT team that there is nothing in CRT that currently would handle this for us.

kggilmer avatar Jun 16 '21 21:06 kggilmer

Java implementation: https://github.com/aws/aws-sdk-java-v2/blob/master/core/sdk-core/src/main/java/software/amazon/awssdk/core/retry/ClockSkew.java

kggilmer avatar Jun 16 '21 21:06 kggilmer

4 year old open customer request to add clock skew to BOTO3: https://github.com/boto/boto3/issues/1252

kggilmer avatar Jun 16 '21 21:06 kggilmer

There was a recent issue in Amplify (or rather one of the lower level libs aws-sdk-android or aws-sdk-ios) regarding clock skew.

aajtodd avatar Jun 17 '21 12:06 aajtodd

Hmm, as in there as a problem with the SDK implementation? Or that iOS doesn't have the feature? (from searching it looks like both v1 and v2 java sdks have a clock skew feature)

kggilmer avatar Jun 17 '21 14:06 kggilmer

Spoke with people on java and .net teams regarding the perceived importance of the feature. Neither felt it was important to provide at GA.

kggilmer avatar Jun 17 '21 14:06 kggilmer

Spoke with people on java and .net teams regarding the perceived importance of the feature. Neither felt it was important to provide at GA.

Tend to agree, I don't think we have this slotted before then. Was just mentioning I saw an issue recently related to it, wasn't implying we should bump it up or anything.

aajtodd avatar Jun 17 '21 15:06 aajtodd

@normj's take:

I suspect the feature is a bit overkill now a days. The idea is client machines running the SDK might not be as strict with the time settings as servers so we added it. In reality who doesn't have their client machine's time automatically set from the internet. I think you are fine holding off till you get customer feedback asking for the feature.

There is also the small use case of when an AWS host for a service has a messed up time setting that we have compensated for that. I think that has happen once with S3 that I know of. But this is a small use case.

kggilmer avatar Jun 17 '21 18:06 kggilmer

This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue in the latest release and if you find that this is still a problem, please feel free to provide a comment or open a new issue.

github-actions[bot] avatar Jul 08 '22 15:07 github-actions[bot]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.

github-actions[bot] avatar Oct 17 '23 17:10 github-actions[bot]