Cryptography configuration is too easy to get wrong to risk exposing oneself to security breaches by multiplying the configuration needed just to establish basic connectivity.
Productivity annoyances:
- low-value wiring code and configuration to account for the self-signed CA
- connectivity loss when configuration doesn't work, easily done with self-signed crypto
- need to account for provisioning, distributing and injecting the CA into all clients
- need to establish a provider-specific procedure and support process to roll certificates
Risks:
- injecting custom CAs in a Kubernetes context usually involves startup hooks that can fail and prevent the deployment of new software versions
- the self-signed CA is valid for 10 years and can sign TLS certificates for any domain name, exposing services trusting this CA durably to MITM attacks if the associated private key is compromised
- we see such risks as less likely to happen with specialized industry actors
Additionally, I believe it would also be in Aiven's interest to offload the sensitive private key lifecycle, confidentiality and related incident management to an industry-recognized and specialized actor.
This is a must have for any SaaS in my opinion.
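As an added example (not part of the original post), here is a small audit script that checks a CA certificate for the two risk properties named above: a long validity period and the absence of name constraints, i.e. the ability to sign a certificate for any domain. It assumes the openssl CLI is available; the 825-day limit is an assumed policy value, and the test CA the script can build is constructed for the example only.

```shell
#!/bin/sh
# Audit a CA certificate: how long it stays valid, and whether it is limited
# to particular domains (nameConstraints) or can sign a leaf for any name.
MAX_DAYS=${MAX_DAYS:-825}   # longest acceptable CA lifetime (assumed policy)

ca_lifetime_ok() {
  # Succeeds when the certificate in $1 expires within MAX_DAYS from now.
  # 'checkend' exits 0 when the cert is still valid after N seconds, so invert.
  ! openssl x509 -in "$1" -noout -checkend $((MAX_DAYS * 86400)) >/dev/null
}

ca_name_constrained() {
  # Succeeds when the certificate carries an X509v3 Name Constraints extension.
  openssl x509 -in "$1" -noout -text | grep -q 'Name Constraints'
}

audit_ca() {
  # Prints one finding per check; returns 0 only when both checks pass.
  rc=0
  if ca_lifetime_ok "$1"; then echo "lifetime: ok (expires within $MAX_DAYS days)"
  else echo "lifetime: FAIL (still valid after $MAX_DAYS days)"; rc=1; fi
  if ca_name_constrained "$1"; then echo "scope: ok (name constraints present)"
  else echo "scope: FAIL (can sign certificates for any domain)"; rc=1; fi
  return $rc
}

make_test_ca() {
  # Constructed sample for local testing: writes a self-signed CA into $1,
  # valid for $2 days; with $3 = yes it is constrained to names under .example.com.
  mkdir -p "$1"
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = Constructed test CA
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
  if [ "$3" = yes ]; then
    echo 'nameConstraints = critical, permitted;DNS:.example.com' >> "$1/ca.cnf"
  fi
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -config "$1/ca.cnf" \
    -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null
}

# Usage: sh ca_audit.sh /path/to/ca.pem
[ "$#" -eq 0 ] || audit_ca "$1"
```

A 10-year CA without name constraints, as described above, fails both checks; a short-lived CA limited to your own domain passes both.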