Sharing environments - a proposal

William Reade william.reade at canonical.com
Fri May 30 09:59:56 UTC 2014


I don't think there is any reason to drop ca-cert from the .jenv for a
singular environment; when you're first connecting to any state server you
certainly need verification that it's really who it says it is. The exact
source of the trust depends on the scenario, for sure, but in the singular
state-server case a .jenv is the simple sane way to do it IMO.


On Fri, May 30, 2014 at 9:32 AM, roger peppe <roger.peppe at canonical.com>
wrote:

> On 30 May 2014 06:50, John Meinel <john at arbash-meinel.com> wrote:
> > ...
> >
> >>
> >> > PROBLEM: right now all connections to the api server are secured with
> >> > TLS and the client-cert.
> >>
> >> As John says, this isn't actually true - connections are secured with
> >> a server cert and a password.
> >>
> >> Unfortunately I believe it is impossible to lose either one of these
> >> without rendering juju fundamentally insecure against man-in-the-middle
> >> attacks.
> >>
> >> If we take the approach you suggest, that's what we'd end up with. Anyone
> >> that can subvert the network between the "juju connect" command and the
> >> API server could pretend to be the desired environment, forwarding and
> >> changing requests as maliciously as it liked. There's no way that the
> >> client can know that it's talking to the middle-man, and no way for the
> >> server to know that it's not being addressed by the expected client.
> >>
> >> There is also the problem that the "endpoint" can change - with HA the
> >> actual API addresses can and will change (and there are many
> >> possible addresses too - we try to connect to all of them; that's
> >> not very convenient for a small piece of information to copy
> >> and paste)
> >
> >
> > So we could certainly make it safe once you have securely connected 1 time.
> > In that we can ask what the CA cert is for this environment, and then make
> > sure all future connections are validated with that CA.
>
> Yes. You have to work out how you're going to connect securely that
> first time though. How do you propose to do that?
>
>   cheers,
>     rog.
>
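
The point argued in this thread, that a client holding the environment's ca-cert (as the .jenv does) can reject a middle-man on its very first connection, shown as an added Go example; it is not Juju's code and not part of the original messages. `startEnv`, `dialPinned` and the loopback servers are hypothetical names and constructed test material, with each constructed environment getting its own private CA.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"net/http/httptest"
	"time"
)

// startEnv starts a constructed loopback server with a cert signed by a fresh private CA; returns CA cert and address.
func startEnv(name string) (*x509.Certificate, string) {
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name + " CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: name},
		NotBefore: ca.NotBefore, NotAfter: ca.NotAfter, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		KeyUsage: x509.KeyUsageDigitalSignature, IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback}}
	// Fixture setup: errors are dropped; a failed step ends in a panic before the server starts.
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, caPub, caKey)
	ca, _ = x509.ParseCertificate(caDER)
	der, _ := x509.CreateCertificate(rand.Reader, leaf, ca, pub, caKey) // server cert signed by the CA key
	srv := httptest.NewUnstartedServer(nil)
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv.StartTLS()
	return ca, srv.Listener.Addr().String()
}

// dialPinned completes the TLS handshake only if the server's chain leads to the given CA cert.
func dialPinned(addr string, caCert *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(caCert) // the only trust root: no system CAs, no trust-on-first-use
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: pool})
	if err == nil {
		conn.Close()
	}
	return err
}

func main() {
	ca, addr := startEnv("prod")
	_, mitm := startEnv("prod") // constructed middle-man: same names, different CA key
	fmt.Println("real server:", dialPinned(addr, ca), "| middle-man:", dialPinned(mitm, ca))
}
```

The second dial fails certificate verification even though the impostor reuses the same subject names, because its chain does not lead to the CA key the client was handed out of band.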