SPIFFE Cert Validator documentation #17511

Closed
azdagron opened this issue Jul 27, 2021 · 6 comments · Fixed by #17708
@azdagron

azdagron commented Jul 27, 2021

+@mathetake, who authored the extension.

The SPIFFE TLS CertValidator extension metadata currently marks the extension as WIP with an unknown security posture.

envoy.tls.cert_validator.spiffe:
  categories:
  - envoy.tls.cert_validator
  security_posture: unknown
  status: wip

This results in cautionary text being added to the documentation. I'm totally on board with setting correct expectations with consumers. I'm also very interested in the extension moving into a more trusted position.

What is the process to go through to get these changed to more favorable values?

@azdagron azdagron added the triage Issue requires triage label Jul 27, 2021
@mathetake mathetake added area/tls area/docs and removed triage Issue requires triage labels Jul 28, 2021
@mathetake
Member

Hi @azdagron! Thanks for this. Actually, we can at least move this to status: alpha and security_posture: requires_trusted_downstream_and_upstream as described in
https://github.com/envoyproxy/envoy/blob/main/EXTENSION_POLICY.md#extension-stability-and-security-posture

The reason for status: alpha is that I think we haven't had enough production burn time yet. wdyt?

@mathetake mathetake self-assigned this Jul 28, 2021
@azdagron
Author

alpha seems like an appropriate status until this has more time to bake! We're adding support into SPIRE agent now to surface this extension in the SPIRE agent's SDS implementation.

For the security posture, I'm not sure how the job of this extension could be influenced by downstream or upstream? Seems like the only trusted party needs to be the SDS implementation?

@mathetake
Member

Well, this is not about the SDS implementation (since the extension implementation is totally decoupled from the SDS impl), but about the actual traffic handled by this extension - about the fact that all downstream/upstream TLS connections are handled by this extension. Having said that, maybe we could promote this to robust_to_untrusted_downstream_and_upstream since all the actual cipher stuff is handled in BoringSSL internally, and our SPIFFE-specific logic has 100% test coverage. WDYT?
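
As an added example that is not Envoy's own docs tooling and not code from either participant: a small lint that parses extension metadata in the shape quoted at the top of this issue and reports which fields would draw cautionary documentation text, run over the current wip/unknown metadata and over the alpha/robust_to_untrusted_downstream_and_upstream values proposed in this comment. The allowed-value sets are my reading of the EXTENSION_POLICY.md linked above (the thread itself only names wip, alpha, unknown, requires_trusted_downstream_and_upstream and robust_to_untrusted_downstream_and_upstream), and the rule that a note applies whenever status is not stable or posture is unknown is an assumption of the example, not a description of how Envoy generates its docs.

```python
"""Added example: lint Envoy extension metadata for status / security posture.

Illustrative code written for this issue thread, not Envoy's own tooling.
It parses the two-level YAML shape quoted in the thread without a PyYAML
dependency and reports the fields that would trigger cautionary doc text.
"""
from typing import Dict, List

# Allowed values as I read them in EXTENSION_POLICY.md (assumption: only
# wip, alpha, unknown, requires_trusted_downstream_and_upstream and
# robust_to_untrusted_downstream_and_upstream are named in the thread).
ALLOWED_STATUS = {"wip", "alpha", "stable"}
ALLOWED_POSTURE = {
    "unknown",
    "requires_trusted_downstream_and_upstream",
    "robust_to_untrusted_downstream",
    "robust_to_untrusted_downstream_and_upstream",
    "data_plane_agnostic",
}


def parse_extension_metadata(text: str) -> Dict[str, Dict[str, object]]:
    """Parse the minimal YAML layout used for extension metadata.

    Handles exactly the shape shown in the issue: a top-level extension
    name, scalar fields indented under it, and a list of categories.
    """
    extensions: Dict[str, Dict[str, object]] = {}
    current: Dict[str, object] = {}
    list_key = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        line = raw.strip()
        if indent == 0:
            # "envoy.tls.cert_validator.spiffe:" opens a new extension block.
            current = extensions.setdefault(line.rstrip(":"), {})
            list_key = None
        elif line.startswith("- "):
            if list_key is None:
                raise ValueError(f"list item outside a list: {raw!r}")
            current[list_key].append(line[2:].strip())  # type: ignore[union-attr]
        else:
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if not extensions:
                raise ValueError(f"field outside an extension block: {raw!r}")
            if value == "":
                current[key] = []          # "categories:" opens a list
                list_key = key
            else:
                current[key] = value       # "status: wip"
                list_key = None
    return extensions


def lint_extension(name: str, meta: Dict[str, object]) -> List[str]:
    """Return human-readable findings for one extension's metadata."""
    findings: List[str] = []
    status = meta.get("status")
    posture = meta.get("security_posture")
    if status not in ALLOWED_STATUS:
        findings.append(f"{name}: unrecognised status {status!r}")
    if posture not in ALLOWED_POSTURE:
        findings.append(f"{name}: unrecognised security_posture {posture!r}")
    if not meta.get("categories"):
        findings.append(f"{name}: no categories declared")
    # Assumption of this example: anything short of a stable status or a
    # known posture earns a cautionary note in the generated docs.
    if status in ("wip", "alpha"):
        findings.append(f"{name}: status {status}; docs will carry a stability warning")
    if posture == "unknown":
        findings.append(f"{name}: security_posture unknown; docs will warn that the "
                        "extension has not been assessed against untrusted traffic")
    return findings


def lint(text: str) -> List[str]:
    """Lint every extension block in the given metadata text."""
    findings: List[str] = []
    for name, meta in parse_extension_metadata(text).items():
        findings.extend(lint_extension(name, meta))
    return findings


# Metadata quoted in the issue, and the values proposed in this comment.
ORIGINAL_METADATA = """\
envoy.tls.cert_validator.spiffe:
  categories:
  - envoy.tls.cert_validator
  security_posture: unknown
  status: wip
"""

PROPOSED_METADATA = """\
envoy.tls.cert_validator.spiffe:
  categories:
  - envoy.tls.cert_validator
  security_posture: robust_to_untrusted_downstream_and_upstream
  status: alpha
"""

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL_METADATA), ("proposed", PROPOSED_METADATA)):
        print(f"== {label} ==")
        for finding in lint(text) or ["no findings"]:
            print("  " + finding)
```

Run as a script it prints two findings for the original metadata (wip status, unknown posture) and one for the proposed values (the alpha stability note), which is the residual warning the thread agrees is appropriate until the extension has more production burn time.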

@azdagron
Author

That seems fine to me, but it wasn't clear from reading about the security_posture declaration whether there was a formal process for getting that status elevated (i.e. security audit, fuzzing, etc.).

@mathetake
Member

I guess there's no formal process - e.g. #15576 - I will just raise a PR so we can discuss with other maintainers. sg?

@azdagron
Author

Sounds good to me. Thanks @mathetake!
