-
Helga Velroyen authored
This patch elaborates the node security design wrt to SSH key handling to make sure it is feasible before starting the implementation. In this updated design the first and more simple proposal of simply removing the private root key from normal nodes was abandoned, because the implementation of various node operations (adding/removing, promoting/demoting) turned out to contain too many security problems so that the second proposal, where each node get's a separate key pair was chosen to be implemented. Signed-off-by: Helga Velroyen <helgav@google.com> Reviewed-by: Klaus Aehlig <aehlig@google.com>
b123fb31