RFC - Consolidate validation of remote servers #3078

Open
pjbgf opened this issue Sep 6, 2022 · 0 comments · May be fixed by #3366
Labels
area/rfc Feature request proposals in the RFC format area/security Security related issues and pull requests
pjbgf commented Sep 6, 2022

Some Flux controllers allow Flux users to trust remote servers on a per-object basis.
For example, Source Controller supports CA Bundles to be set at object level, so that TLS connections can be established and trusted when custom PKIs or self-signed certificates are being used. The same applies to known_hosts for SSH connections.

A new RFC should be created to consolidate the topic across the controllers and establish:

  • Supported (vs recommended) mechanisms that change the CA Store or known_hosts.
  • Ways for Platform Admins to toggle per-object trust overrides.
@pjbgf pjbgf added area/rfc Feature request proposals in the RFC format area/security Security related issues and pull requests labels Sep 6, 2022
@pjbgf pjbgf added this to the GA milestone Sep 6, 2022
@pjbgf pjbgf linked a pull request Dec 4, 2022 that will close this issue
Projects
Status: In Progress