Add option to enable TLS Security for CTLog server #1522

Closed
fghanmi opened this issue Jul 1, 2024 · 2 comments

Comments

@fghanmi
Contributor

fghanmi commented Jul 1, 2024

The CTLog server currently operates without TLS encryption, which poses security risks such as potential interception and tampering of data during transmission. To enhance the security of the server and protect the integrity and privacy of the data being logged and transmitted, it is crucial to implement TLS (Transport Layer Security) for CTLog server.

@mhutchinson
Contributor

Are there any specific concerns about tampering of data? Operations against a CT log are verifiable because of crypto primitives outside of TLS, which would allow the parties involved to detect tampered data. Merkle trees do a great job of preventing tampering!

In the event that you want to also add TLS to a CT log, would running it behind an nginx TLS proxy work for you?
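As an added illustration of the point made in the reply above, that tampering is detectable through the Merkle tree rather than through TLS (example code added here, not part of the issue or of the certificate-transparency-go code base): an RFC 6962 Merkle tree hasher, inclusion-proof generation, and the client-side verification procedure from RFC 9162 section 2.1.3.2, run over five constructed leaves. Function names and the sample leaves are this example's own; a real client would take the root from a signed tree head and the proof from get-proof-by-hash.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// leafHash is the RFC 6962 leaf hash: SHA-256(0x00 || data). The domain
// separator stops a leaf from being mistaken for an interior node.
func leafHash(data []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0x00})
	h.Write(data)
	return h.Sum(nil)
}

// nodeHash is the RFC 6962 interior node hash: SHA-256(0x01 || left || right).
func nodeHash(left, right []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0x01})
	h.Write(left)
	h.Write(right)
	return h.Sum(nil)
}

// largestPowerOfTwoBelow returns the largest k = 2^i with k < n (n >= 2).
func largestPowerOfTwoBelow(n int) int {
	k := 1
	for k*2 < n {
		k *= 2
	}
	return k
}

// merkleTreeHash computes MTH(D[n]) as defined in RFC 6962 section 2.1.
func merkleTreeHash(leaves [][]byte) []byte {
	switch len(leaves) {
	case 0:
		return sha256.New().Sum(nil) // hash of the empty string
	case 1:
		return leafHash(leaves[0])
	}
	k := largestPowerOfTwoBelow(len(leaves))
	return nodeHash(merkleTreeHash(leaves[:k]), merkleTreeHash(leaves[k:]))
}

// inclusionPath computes PATH(m, D[n]): the sibling hashes, leaf to root,
// that a log returns for leaf index m.
func inclusionPath(m int, leaves [][]byte) [][]byte {
	if len(leaves) <= 1 {
		return nil
	}
	k := largestPowerOfTwoBelow(len(leaves))
	if m < k {
		return append(inclusionPath(m, leaves[:k]), merkleTreeHash(leaves[k:]))
	}
	return append(inclusionPath(m-k, leaves[k:]), merkleTreeHash(leaves[:k]))
}

// verifyInclusion recomputes the root from the leaf and the proof and compares
// it with the root the client already trusts (RFC 9162 section 2.1.3.2). Any
// change to the leaf, proof, index or tree size makes the check fail.
func verifyInclusion(leaf []byte, leafIndex, treeSize int, path [][]byte, root []byte) bool {
	if leafIndex < 0 || leafIndex >= treeSize {
		return false
	}
	fn, sn := leafIndex, treeSize-1
	r := leafHash(leaf)
	for _, p := range path {
		if sn == 0 {
			return false // proof is longer than the tree allows
		}
		if fn&1 == 1 || fn == sn {
			r = nodeHash(p, r) // sibling sits on the left
			for fn&1 == 0 && fn != 0 {
				fn >>= 1
				sn >>= 1
			}
		} else {
			r = nodeHash(r, p) // sibling sits on the right
		}
		fn >>= 1
		sn >>= 1
	}
	return sn == 0 && bytes.Equal(r, root)
}

func main() {
	// Constructed sample leaves standing in for serialised log entries.
	leaves := [][]byte{[]byte("cert-0"), []byte("cert-1"), []byte("cert-2"), []byte("cert-3"), []byte("cert-4")}
	root := merkleTreeHash(leaves)
	fmt.Println("root:", hex.EncodeToString(root))
	path := inclusionPath(1, leaves)
	fmt.Println("leaf 1 verifies:", verifyInclusion(leaves[1], 1, len(leaves), path, root))
	fmt.Println("tampered leaf verifies:", verifyInclusion([]byte("cert-X"), 1, len(leaves), path, root))
}
```

The verification needs nothing from the transport: a proof and leaf relayed through an untrusted network (or an untrusted proxy) still either reproduce the signed root or fail. What TLS adds on top is confidentiality of the request and protection of unauthenticated paths such as error bodies, not integrity of the log contents.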

@fghanmi
Contributor Author

fghanmi commented Jul 1, 2024

Thank you for confirming that the operations against CT log are verifiable. We are also willing to enable TLS over all our services (including CT log). In our stack, an application "Fulcio" is writing into CT log, which itself writes to and reads from Trillian. We are thinking of enabling TLS on both CT log and Trillian.

Regarding the suggestion of using an nginx TLS proxy, that could be a practical solution. Fulcio would verify the certificates of nginx instead.
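As an added example of the client side of the nginx-proxy setup discussed above (example code added here; it is not Fulcio's code and does not show Fulcio's actual configuration options): a Go HTTP client that trusts only a supplied CA bundle for the proxy's certificate, not the system roots, and enforces a TLS 1.2 floor. The function names, the stand-in proxy built with httptest, and the abbreviated STH JSON it serves are this example's own assumptions; only the `/ct/v1/get-sth` path is the real CT API endpoint.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

// newPinnedClient returns an HTTP client that accepts only server
// certificates chaining to the CAs in caBundlePEM (for example the CA that
// issued the nginx proxy's certificate). System roots are deliberately not
// consulted, and anything below TLS 1.2 is refused.
func newPinnedClient(caBundlePEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caBundlePEM) {
		return nil, errors.New("no CA certificates found in bundle")
	}
	return &http.Client{
		Timeout: 10 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				RootCAs:    pool,
				MinVersion: tls.VersionTLS12,
			},
		},
	}, nil
}

// fetchSTH requests GET <baseURL>/ct/v1/get-sth and returns the body. A proxy
// certificate that does not chain to the pinned bundle fails inside
// client.Get, before any CT data is exchanged.
func fetchSTH(client *http.Client, baseURL string) ([]byte, error) {
	resp, err := client.Get(baseURL + "/ct/v1/get-sth")
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("get-sth: unexpected status %s", resp.Status)
	}
	return io.ReadAll(resp.Body)
}

// startFakeProxy stands in for nginx terminating TLS in front of CTFE: an
// httptest TLS server (self-signed localhost certificate) answering get-sth
// with a constructed, abbreviated STH body.
func startFakeProxy() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/ct/v1/get-sth", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		io.WriteString(w, `{"tree_size":5,"timestamp":1719792000000}`)
	})
	return httptest.NewTLSServer(mux)
}

// caBundleFor renders the fake proxy's certificate as PEM, the form a real
// deployment would hand the client as a CA bundle file.
func caBundleFor(srv *httptest.Server) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
}

func main() {
	srv := startFakeProxy()
	defer srv.Close()

	pinned, err := newPinnedClient(caBundleFor(srv))
	if err != nil {
		panic(err)
	}
	body, err := fetchSTH(pinned, srv.URL)
	fmt.Printf("pinned client: body=%s err=%v\n", body, err)

	// A client relying on the system roots does not know this CA and must fail.
	_, err = fetchSTH(&http.Client{}, srv.URL)
	fmt.Printf("system-roots client: err=%v\n", err)
}
```

Pinning the proxy CA rather than the system store is the check that makes the proxy arrangement meaningful: if the writer accepted any publicly trusted certificate, a misdirected DNS name or a rogue internal CA would pass silently. Keep the bundle separate from the log's public key, which continues to verify the STH and proofs themselves.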
