AmitKumarDas / Decisions
TLS: Security Basics #182 (Open)

AmitKumarDas opened this issue 4 years ago

AmitKumarDas commented 4 years ago
The TLS protocol (Transport Layer Security) includes a security measure called digital certificates. Using this mechanism, a public key can be signed by another party.

:bulb: Think of this as some governing body.

A certificate also contains identity information pertaining to the owner of the public key.

:bulb: A certificate needs to mention the owner, else why have the certificate at all?

Often Heard

- Is communication done over a certificate signed by a certificate authority, i.e. a CA of my choice?
- Is communication done over a certificate with a subjectAltName of my choice?
- The CA used to validate the certificate presented by the backend should be packaged in a K8s Secret.
- The CA (the one that validates the certificate) should itself get validated. In other words, is the CA of my choice?
- The store of CA information is an opaque Kubernetes secret. The secret object should contain one entry named ca.key; its contents will be the CA public key material.

Notes

- subjectAltName is a set of values associated with a security certificate, e.g. email address, IP address, URI, DNS names, directory names, etc.
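The two "often heard" questions above (is the backend's certificate signed by the CA of my choice, and does it carry the subjectAltName of my choice) and the Secret-packaged CA both come down to one verification call. The following Go program is an added example, not code from the Decisions repository: it constructs a throwaway CA and leaf certificates in memory, reads the trust anchor from a `map[string][]byte` shaped like a Kubernetes Secret's `data` using the `ca.key` entry name the notes specify (a hypothetical layout; the CA's PEM-encoded certificate is what is stored there), and then shows that a leaf from a different CA and a leaf with the wrong DNS name in its subjectAltName are both rejected, while the intended one passes. The hostname `backend.example.internal` and the CA names are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// signCert generates a fresh key for tmpl, has parent/parentKey sign it and parses the
// result. A nil parent makes the certificate self-signed (used for the CA itself).
func signCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// newCA builds a self-signed CA: constructed test data, not a real authority.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return signCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, nil, nil)
}

// issueServerCert has the CA sign a leaf whose subjectAltName lists dnsNames.
func issueServerCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, dnsNames []string) (*x509.Certificate, error) {
	leaf, _, err := signCert(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: dnsNames[0]},
		DNSNames:    dnsNames, // these become the subjectAltName entries
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
	return leaf, err
}

// caPoolFromSecretData turns the Secret's data map into the trust store. Only the
// ca.key entry named in the notes is consulted; anything else is ignored.
func caPoolFromSecretData(data map[string][]byte) (*x509.CertPool, error) {
	pemBytes, ok := data["ca.key"]
	if !ok {
		return nil, errors.New("secret has no ca.key entry")
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, errors.New("ca.key holds no PEM-encoded certificate")
	}
	return pool, nil
}

// verifyBackend answers both questions at once: the leaf must chain to a root in
// our pool (CA of my choice) and carry expectedName in its SAN (name of my choice).
func verifyBackend(leaf *x509.Certificate, roots *x509.CertPool, expectedName string) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   expectedName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Scenario runs the three checks and returns their outcomes: the genuine backend
// certificate, one signed by a foreign CA, and one with the wrong subjectAltName.
func Scenario() (trusted, wrongCA, wrongSAN error) {
	goodCA, goodKey, err := newCA("CA of my choice")
	if err != nil {
		return err, err, err
	}
	otherCA, otherKey, err := newCA("some other CA")
	if err != nil {
		return err, err, err
	}
	// The Secret as the notes describe it: a single ca.key entry with the CA's PEM.
	secret := map[string][]byte{
		"ca.key": pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: goodCA.Raw}),
	}
	roots, err := caPoolFromSecretData(secret)
	if err != nil {
		return err, err, err
	}
	const backend = "backend.example.internal" // constructed sample hostname
	leaf, err1 := issueServerCert(goodCA, goodKey, []string{backend})
	rogue, err2 := issueServerCert(otherCA, otherKey, []string{backend})
	misnamed, err3 := issueServerCert(goodCA, goodKey, []string{"other.example.internal"})
	if err := errors.Join(err1, err2, err3); err != nil {
		return err, err, err
	}
	return verifyBackend(leaf, roots, backend),
		verifyBackend(rogue, roots, backend),
		verifyBackend(misnamed, roots, backend)
}

func main() {
	trusted, wrongCA, wrongSAN := Scenario()
	fmt.Println("genuine backend:", trusted)
	fmt.Println("foreign CA:     ", wrongCA)
	fmt.Println("wrong SAN:      ", wrongSAN)
}
```

The point the notes make about validating the CA itself is visible in `caPoolFromSecretData`: whatever PEM sits in the Secret becomes the sole trust anchor, so access control on that Secret is what answers "is the CA of my choice?". The system trust store is deliberately not consulted (`Roots` is set explicitly), which is what keeps a certificate from any public CA from satisfying the check.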