tang icon indicating copy to clipboard operation
tang copied to clipboard
verified publisher icon latchset

Support push model

Open npmccallum opened this issue 9 years ago • 3 comments

Support pushing keys to the client from the server.

npmccallum avatar Feb 08 '16 20:02 npmccallum

Could you please elaborate how this works?

I'm looking to solve a use case where the network is not private. That means that if clevis knows the server the image can be decripted since the attacker can make the request manually or stat the image on another machine.

I imagine that by pushing the keys from the server, the client does not know the server so this becomes harder to do?

Is that the use case or is it something else?

ieugen avatar Feb 03 '18 01:02 ieugen

The idea was that the client would start the recovery process and wait for an incoming packet. This would allow an orchestrator process to push codes to cloud nodes. We haven't implemented this (obviously).

npmccallum avatar Feb 03 '18 01:02 npmccallum

I'm currently reviewing mechanisms for key management and this issue is the one that I identified from the start as a blocker for tang in my perspective. Our threat model doesn't consider "making the network secure" a good choice. In the world of IPv6 I would always only consider the network being fully secure one layer in the "swiss cheese" model (or "defense in depth"). Is this something you're still considering to do at some point? (I kind of doubt it looking at the time stamps, but I guess it doesn't hurt to ask. ;) )

ctheune avatar Mar 19 '23 13:03 ctheune