torus-cli
torus-cli copied to clipboard
Gatekeeper: Bootstrap over SSL
Currently, all bootstrapping communication is done over a normal HTTP connection, however machine token ID and secret are shared back to the machine that is being bootstrapped. An evesdropper in your network could MITM to retrieve this information, and once the machine was given access, a malicious user could act as that machine.