per-entity - RE: [Per-Entity] deploying TLS on the MDQ server
Subject: Per-Entity Metadata Working Group
- From: "Cantor, Scott" <>
- To: Tom Scavo <>, Per-Entity Metadata Working Group <>
- Subject: RE: [Per-Entity] deploying TLS on the MDQ server
- Date: Fri, 9 Sep 2016 02:20:02 +0000
> The key word on the subject line is "deploy." Personally, I'm not
> convinced that the benefits of TLS outweigh the costs (especially if
> we tighten validUntil) but in order to advance the discussion, let me
> ask the relevant deployment questions:

To be honest, I really didn't consider it likely we'd get the validUntil
window tight enough to really give me the warm fuzzies. I would be very happy
to see it happen, obviously, but I understand the difficulties. I do think
that the issues with aggregates and MDQ are very different. The longer window
on the aggregate works mainly because the updates are much less frequent and
less predictable in terms of timing.

> 1) The metadata signing key also signs the TLS server certificate.
> 2) TLS certificates are short-lived, on the order of days.
> 3) Revocation is not necessary (since TLS certificates are short-lived).
>
> The above deployment has teeth but I'm afraid it is nontrivial to
> implement. Are there other deployment scenarios that are easier to
> implement yet meet our needs?

I was pretty open on the call that I didn't think we had adequately studied
the issues here. I *lean* toward a self-signed certificate, because I pretty
much always do when it comes to server-side use cases. But I haven't thought
it through either.

-- Scott
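
Added example, not part of the original message or of any project discussed on the list: a sketch of the three-point deployment quoted above, with a stand-in signing key issuing a TLS certificate that lasts days, and the client-side check that takes the place of revocation. The host name mdq.example.org, the file names and the 3-day and 7-day figures are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added illustration; all keys, names and paths are constructed for the demo.

# issue_mdq_tls_cert DIR DAYS: sign a DAYS-long TLS cert with a stand-in signing key.
issue_mdq_tls_cert() {
  dir=$1 days=$2
  # Minimal config so the demo does not depend on the system openssl.cnf.
  cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Metadata Signing Key
[v3_ca]
basicConstraints = critical,CA:TRUE
[tls]
subjectAltName = DNS:mdq.example.org
EOF
  # Stand-in for the metadata signing key and its self-signed certificate.
  openssl req -x509 -config "$dir/demo.cnf" -newkey rsa:2048 -nodes -days 365 \
    -keyout "$dir/md-signing.key" -out "$dir/md-signing.crt" 2>/dev/null || return 1
  # TLS key pair and CSR for the MDQ server (hypothetical host name).
  openssl req -new -config "$dir/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=mdq.example.org" \
    -keyout "$dir/mdq-tls.key" -out "$dir/mdq-tls.csr" 2>/dev/null || return 1
  # Points 1 and 2: the signing key issues the TLS certificate, valid for days only.
  openssl x509 -req -in "$dir/mdq-tls.csr" -days "$days" \
    -CA "$dir/md-signing.crt" -CAkey "$dir/md-signing.key" -CAcreateserial \
    -extfile "$dir/demo.cnf" -extensions tls \
    -out "$dir/mdq-tls.crt" 2>/dev/null
}

# client_accepts DIR MAX_DAYS: the check a metadata consumer would make (point 3).
client_accepts() {
  dir=$1 max_days=$2
  # Trust only the signing certificate the client already holds for metadata.
  openssl verify -CAfile "$dir/md-signing.crt" "$dir/mdq-tls.crt" \
    >/dev/null 2>&1 || return 1
  # With no revocation, remaining lifetime is the only bound on a stolen TLS key:
  # reject any certificate that would still be valid MAX_DAYS from now.
  if openssl x509 -checkend $((max_days * 86400)) -noout \
       -in "$dir/mdq-tls.crt" >/dev/null 2>&1; then
    return 1
  fi
  return 0
}
# Usage: d=$(mktemp -d); issue_mdq_tls_cert "$d" 3 && client_accepts "$d" 7 && echo accepted
```

The sketch leaves out the part that makes this nontrivial in production: the metadata signing key is normally kept offline, so re-issuing a certificate every few days needs a controlled signing procedure.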