ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-29 09:18:58 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update ssl-termination.md

Browse Source
This commit is contained in:
Matthew Nesbit 2017-11-15 13:56:18 +00:00 committed by GitHub
parent 1636a4bb0c
commit f15f57e83d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/source/design/float/decisions/ssl-termination.md
View File

@ -25,16 +25,16 @@ Design of the [float](../design.md) is critically influenced by the decision of
#### Disadvantages #### Disadvantages
1. May limit cryptography options to RSA, and prevent checking of X500 names (only the root certificate checked) - Corda certificates are not totally standard; 1. May limit cryptography options to RSA, and prevent checking of X500 names (only the root certificate checked) - Corda certificates are not totally standard.
2. Doesnt allow identification of the message source. 2. Doesnt allow identification of the message source.
3. May require additional work and SASL support code to validate theultimate origin of connections in the float. 3. May require additional work and SASL support code to validate the ultimate origin of connections in the float.
#### Variant option 1a: Include SASL connection checking #### Variant option 1a: Include SASL connection checking
##### Advantages ##### Advantages
1. Maintain authentication support 1. Maintain authentication support
2. Can authenticate against keys held internallye.g. Legal Identity not just TLS 2. Can authenticate against keys held internally e.g. Legal Identity not just TLS.
##### Disadvantages ##### Disadvantages
@ -53,7 +53,7 @@ Design of the [float](../design.md) is critically influenced by the decision of
#### Disadvantages #### Disadvantages
1. We dont currently use the identity to check incoming packets,only for connection authentication anyway. 1. We dont currently use the identity to check incoming packets, only for connection authentication anyway.
2. Management of Private Key a challenge requiring extra work and security implications. Options for this are presented below. 2. Management of Private Key a challenge requiring extra work and security implications. Options for this are presented below.
#### Variant Option 2a: Float TLS certificate via direct HSM #### Variant Option 2a: Float TLS certificate via direct HSM
@ -85,19 +85,19 @@ Design of the [float](../design.md) is critically influenced by the decision of
1. Simple with minimal extra code required. 1. Simple with minimal extra code required.
2. Delegates access control to banks own systems. 2. Delegates access control to banks own systems.
3. Risks losing only the TLS private key, which caneasily be revoked. This isnt the legal identity key at all. 3. Risks losing only the TLS private key, which can easily be revoked. This isnt the legal identity key at all.
##### Disadvantages ##### Disadvantages
1. Risks losing the TLS private key 1. Risks losing the TLS private key.
2. Probably not allowed. 2. Probably not allowed.
## Recommendation and justification ## Recommendation and justification
Proceed with Variant option 1a: Terminate on firewall; include SASL connection checking Proceed with Variant option 1a: Terminate on firewall; include SASL connection checking.
## Decision taken ## Decision taken
Decision still required. Decision still required.