>>> * CA pollution; generating a certificate on each reboot
>>> for each node will create a huge number of certificates
>>> in the engine side, which eventually may damage the CA.
>>> (Unsure if there's a limitation to certificates number,
>>> but having hundreds of junk certs can't be good).
>> We could have vdsm/engine store the certs on the engine side, and on
>> boot, after validating the host (however that is done), it will load the
>> certs onto the node machine.
> This is a security issue, since the key pair should be
> generated on the node. This will lead us back to your TPM
> suggestion, but (although I like it) will cause us
> to be TPM-dependent, not to mention a non-trivial implementation.
1. generate cert on oVirt Node
2. generate symmetric key and embed in TPM or use embedded symmetric
key (for secured network model)
3. encrypt certs w/ symmetric key
4. push encrypted cert to oVirt Engine
1. download encrypted cert from OE
2. use either embedded symmetric key or retrieve TPM based symmetric
key and use to decrypt cert
So no dependency on TPM, but the security is definitely much better if
you have it. Use cases like this are one of the fundamental reasons why
TPM exists :)
vdsm-devel mailing list
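The flow proposed above, as an added example that is not part of the thread or of vdsm/oVirt code: the node wraps its locally generated key/cert bundle with a per-node symmetric secret, pushes only the opaque blob to the engine, and unwraps it again on later boots, so the engine never holds the private key and the CA issues one cert per node instead of one per boot. The PEM bundle, the engine store, the host id and the 32-byte node secret are all constructed stand-ins; the secret would come from a TPM unseal or from the node image in practice. The wrap uses HMAC-SHA256 in counter mode plus an encrypt-then-MAC tag so it runs on the standard library alone; a real implementation would use AES-GCM from a proper crypto library for the same layout.

```python
"""Node-side wrapping of a locally generated key/cert bundle so the engine
only stores an opaque blob (example code, not vdsm/oVirt code)."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32

# Constructed stand-in for the PEM bundle the node generates on first boot.
# Real code would run openssl/certtool here; the key pair never leaves the node.
NODE_BUNDLE = (
    b"-----BEGIN PRIVATE KEY-----\n"
    b"CONSTRUCTED-SAMPLE-NOT-A-REAL-KEY\n"
    b"-----END PRIVATE KEY-----\n"
    b"-----BEGIN CERTIFICATE-----\n"
    b"CONSTRUCTED-SAMPLE-NOT-A-REAL-CERT\n"
    b"-----END CERTIFICATE-----\n"
)


def derive_subkeys(node_secret):
    """Split the per-node secret (TPM-unsealed or image-embedded, assumed
    32 random bytes) into separate encryption and MAC keys."""
    enc_key = hmac.new(node_secret, b"ovirt-node-cert-wrap/enc", hashlib.sha256).digest()
    mac_key = hmac.new(node_secret, b"ovirt-node-cert-wrap/mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode: one 32-byte PRF block per counter value."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def wrap(node_secret, plaintext):
    """Encrypt-then-MAC. Blob layout: nonce || ciphertext || tag."""
    enc_key, mac_key = derive_subkeys(node_secret)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(node_secret, blob):
    """Check the tag in constant time before decrypting; a tampered blob or a
    blob wrapped under a different node secret is rejected, not decrypted."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("wrapped cert blob too short")
    enc_key, mac_key = derive_subkeys(node_secret)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped cert failed integrity check (tampered or wrong node secret)")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class EngineStore:
    """Hypothetical engine-side store: it only ever holds opaque bytes per host."""

    def __init__(self):
        self._blobs = {}

    def push(self, host_id, blob):
        self._blobs[host_id] = bytes(blob)

    def download(self, host_id):
        return self._blobs[host_id]


def first_boot(node_secret, store, host_id, bundle=NODE_BUNDLE):
    """Steps 1-4 of the thread: cert generated locally, wrapped, pushed to the engine."""
    store.push(host_id, wrap(node_secret, bundle))


def later_boot(node_secret, store, host_id):
    """Steps 1-2 of the thread: download the blob and unwrap it with the node secret.
    Returns the same bundle every boot, so the CA issues nothing new."""
    return unwrap(node_secret, store.download(host_id))


if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # stands in for the TPM/embedded secret
    store = EngineStore()
    first_boot(secret, store, "node-1")
    print("engine holds private key:", b"PRIVATE KEY" in store.download("node-1"))
    print("round trip ok:", later_boot(secret, store, "node-1") == NODE_BUNDLE)
```

The tag is verified with `hmac.compare_digest` before any decryption, so an engine-side modification of the blob is caught rather than yielding a silently corrupted key file, and a node whose secret changed (a re-imaged node without its TPM-sealed key) fails closed and must re-enroll.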