Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/v0.8] coordinator: use random key for intermediate CA #733

Merged
merged 1 commit into from
Jul 17, 2024

Conversation

edgelessci
Copy link
Contributor

Backport of #732 to release/v0.8.

Original description:


When we introduced Coordinator recovery, we decided to derive all key material deterministically from the seed. This implies that whoever owns the seed can derive these keys offline, too. However, since the seed needs to be held by the workload owner for recovery, the data owner can't trust in the mesh CA cert without trusting the workload owner.

This PR reverts to a random mesh/intermediate key, which is inaccessible to the workload owner. The trade-off is that the mesh key changes after recovery, and all workloads need to be restarted in order to pick up this change.

@edgelessci edgelessci requested a review from katexochen as a code owner July 17, 2024 07:33
@edgelessci edgelessci added the bug fix Fixing a user facing bug label Jul 17, 2024
Copy link

github-actions bot commented Jul 17, 2024

PR Preview Action v1.4.7
Preview removed because the pull request was closed.
2024-07-17 08:13 UTC

@katexochen katexochen merged commit b7d4d18 into release/v0.8 Jul 17, 2024
10 checks passed
@katexochen katexochen deleted the backport-732-to-release/v0.8 branch July 17, 2024 08:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug fix Fixing a user facing bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants