• Łukasz Nowak's avatar
    caddy-frontend: Expose csr_id over HTTPS · 7c5c99b1
    Łukasz Nowak authored
    csr_id is exposed over HTTPS with short living self signed certificate,
    which is transmitted via SlapOS Master. Thanks to this, it is possible to
    match csr_id with certificate of given partition and take decision if it shall
    be signed or not.
    
    This is "quite secure" apporach, a bit better than blidny trusting what CSR
    to sign in KeDiFa. The bootstrap information, which is short living
    (certificates are valid for 5 days), resides in SlapOS Master. The csr_id
    is not directly known to SlapOS Master, and shall be consumed as fast as
    possible by frontend cluster operator in order to sign CSR appearing in
    KeDiFa caucase. The known possible attack vector requires that attacker knows
    caucased HTTP listening port and can hijack HTTPS traffic to the csr_id-url
    to get the human approve his own csr_id. The second is hoped to be overcomed
    by publishing certificate of this endpoint via SlapOS Master.
    
    Unfortunately caucase-updater prefix is directly used to find real CSR, as the
    one generated is just a template for rerequest, thus csr_id would be different
    from really used by caucase-updater.
    7c5c99b1
buildout.hash.cfg 3.75 KB