require new nodes to be validated before being able to connect #310

Open
opened 2022-05-23 20:39:02 +00:00 by trinity-1686a · 0 comments

Today the RPC is secured by requiring the knowledge of the RPC secret and the ip and node id of at least one node. To make Garage more secure against leakage of the RPC secret and node id, Garage could require a new node to be accepted by an other node before it can issue any RPC command (or require initial connection to always come from an already known node to a new node). This functionality should probably be optional.
It's currently not possible to implement something like this as client RPC creates a temporary node, so it would prevent any administrative operation, however as we move to a REST admin API, it should become possible

Today the RPC is secured by requiring the knowledge of the RPC secret and the ip and node id of at least one node. To make Garage more secure against leakage of the RPC secret and node id, Garage could require a new node to be accepted by an other node before it can issue any RPC command (or require initial connection to always come from an already known node to a new node). This functionality should probably be optional. It's currently not possible to implement something like this as client RPC creates a temporary node, so it would prevent any administrative operation, however as we move to a REST admin API, it should become possible
trinity-1686a added the
kind
improvement
kind
ideas
labels 2022-05-23 20:39:02 +00:00
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Deuxfleurs/garage#310
No description provided.