Update ssl-termination.md

Matthew Nesbit 2017-11-15 13:56:18 +00:00 committed by GitHub
parent 1636a4bb0c
commit f15f57e83d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -25,7 +25,7 @@ Design of the [float](../design.md) is critically influenced by the decision of
#### Disadvantages
1. May limit cryptography options to RSA, and prevent checking of X500 names (only the root certificate checked) - Corda certificates are not totally standard;
1. May limit cryptography options to RSA, and prevent checking of X500 names (only the root certificate checked) - Corda certificates are not totally standard.
2. Doesnt allow identification of the message source.
3. May require additional work and SASL support code to validate the ultimate origin of connections in the float.
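Review bot: The punctuation cleanup in this Disadvantages list stops at item 1; item 2 in the same hunk still reads "Doesnt allow identification of the message source." and needs the apostrophe ("Doesn't"). While item 1 is being touched, consider stating which aspects of Corda certificates are non-standard, since "not totally standard" gives a reader nothing to check a terminating device against.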
@ -34,7 +34,7 @@ Design of the [float](../design.md) is critically influenced by the decision of
##### Advantages
1. Maintain authentication support
2. Can authenticate against keys held internallye.g. Legal Identity not just TLS
2. Can authenticate against keys held internally e.g. Legal Identity not just TLS.
##### Disadvantages
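Review bot: Item 1 of this Advantages list ("Maintain authentication support") is left without a terminal period while item 2 now gets one, so the list ends up inconsistent; add the period to item 1 as well. In item 2, setting off "e.g." with commas ("held internally, e.g. Legal Identity, not just TLS") would read more clearly.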
@ -89,12 +89,12 @@ Design of the [float](../design.md) is critically influenced by the decision of
##### Disadvantages
1. Risks losing the TLS private key
1. Risks losing the TLS private key.
2. Probably not allowed.
## Recommendation and justification
Proceed with Variant option 1a: Terminate on firewall; include SASL connection checking
Proceed with Variant option 1a: Terminate on firewall; include SASL connection checking.
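Review bot: "Probably not allowed." in the Disadvantages list of this hunk is too vague for a design decision record; state what would disallow it, or mark it as an open question to be resolved. The item above it, "Risks losing the TLS private key.", would likewise be stronger with a few words on how the key becomes exposed under this option.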