On Wed, Aug 24, 2011 at 7:32 AM, It Dept <i...@ukcrd.com> wrote: > Hello, > > We are attempting to set up a completely secure puppet based system. > Puppet's encrypted communications between the master and the client is > ideal, but its client joining and certificate transfer mechanism is > not. The client certificate request and signed certificate response is > vulnerable to man-in-the-middle attacks since the CA is not verified.
The CA pub keys should be deployed to the agent as part of the provisioning process. This is no different than how your browser trust a well known certificate signing authority, it has to be deployed to the client in advance. Ideally, roll it into a package and generate it with a sufficiently long TTL. > We would like a system which could not be compromised by the removal > of a file from a client coupled with a man-in-the-middle attack. Does > anyone know of any magic "force secure connections" options or > similar? Man in the middle in itself doesn't pose an issue, however if the attacker have access to the agent system to replace the entire ssl directory, I think you have bigger problem on your hand, and it's not something certificates were designed to protect you against. This is no different then asking the question, if someone replaced my web browser certificate trust and hijacks my DNS, how do I know he's not acting as man in a middle as my bank's website? Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
