On Mon, May 14, 2012 at 1:14 PM, Trevor Vaughan <tvaug...@onyxpoint.com>wrote:
> I have no issue with the PSK technique BUT, I do have a couple > questions/concerns: > > 1) Please keep the old syntax in place so that users don't have to run > about modifying scripts everywhere. Internal command aliases should > work fine. > > 2) You say that we shouldn't be trusting the network (fine), but now > we're to distribute a PSK via an unsigned format (tar) over what > medium? If you don't have some sort of authenticator/identifier for > your clients, anyone on the network could make the connection and snag > the PSK, though it may be encrypted with HTTPS or somesuch. > We have a number of concerns internally about literal pre-shared keys and you've identified them directly. We think pre-shared-keys will degrade our security model of public key cryptography if used improperly. As a result, we haven't fully scrubbed the term "PSK" from all of our notes and material on Puppet Sites but we're thinking that it might be a token or another public key itself that doesn't degrade our public key model to that of a shared secret model. > This is (unfortunately) just a hard problem if you can't trust your > network to some degree. > Exactly. We're planning to address this problem with Sites by making it easier to setup Puppet in a secure way while also preserving our "secure out of the box" implementation of x.509 and trusted third party public key authentication. -Jeff -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
