• Helga Velroyen's avatar
    Detailing SSH part of 'desing-node-security' · b123fb31
    Helga Velroyen authored
    This patch elaborates the node security design wrt to SSH
    key handling to make sure it is feasible before starting
    the implementation.
    In this updated design the first and more simple proposal
    of simply removing the private root key from normal nodes
    was abandoned, because the implementation of various
    node operations (adding/removing, promoting/demoting)
    turned out to contain too many security problems so that
    the second proposal, where each node get's a separate
    key pair was chosen to be implemented.
    Signed-off-by: default avatarHelga Velroyen <helgav@google.com>
    Reviewed-by: default avatarKlaus Aehlig <aehlig@google.com>
design-node-security.rst 27.8 KB