require new nodes to be validated before being able to connect #310
Labels
No labels
action
check-aws
action
discussion-needed
action
for-external-contributors
action
for-newcomers
action
more-info-needed
action
need-funding
action
triage-required
kind
correctness
kind
ideas
kind
improvement
kind
performance
kind
testing
kind
usability
kind
wrong-behavior
prio
critical
prio
low
scope
admin-api
scope
background-healing
scope
build
scope
documentation
scope
k8s
scope
layout
scope
metadata
scope
ops
scope
rpc
scope
s3-api
scope
security
scope
telemetry
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: Deuxfleurs/garage#310
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Today the RPC is secured by requiring the knowledge of the RPC secret and the ip and node id of at least one node. To make Garage more secure against leakage of the RPC secret and node id, Garage could require a new node to be accepted by an other node before it can issue any RPC command (or require initial connection to always come from an already known node to a new node). This functionality should probably be optional.
It's currently not possible to implement something like this as client RPC creates a temporary node, so it would prevent any administrative operation, however as we move to a REST admin API, it should become possible