[erlang-questions] TLS Distribution Certificate Strategy
Jesper Louis Andersen
jesper.louis.andersen@REDACTED
Tue Apr 24 12:02:37 CEST 2018
On Fri, Apr 20, 2018 at 3:57 PM Raimo Niskanen <
raimo+erlang-questions@REDACTED> wrote:
> Hello list!
>
> I am working on the task to get Erlang Distribution over TLS to be easy to
> use and flexible. :-/
>
>
You know what I am going to say:
"What are NOT part of this task?"
I have a general toxic reaction to words such as "easy to use" and
"flexible" because the former can hide important details in the name of
easy, but then make more intricate setups impossible; and the latter often
risks making the core of the system bad as a sacrifice for being able to do
anything.
For cloud services, the general rules are:
* Machines are brought up and down at a whim, they usually change IP
addresses, some times also networks.
* Machines can have stable DNS names where the underlying IP change, so be
prepared for that setting.
* Some systems don't have stable DNS either
* The network, cluster size, etc are all dynamic and will scale up and down
depending on load.
* The network is highly unreliable. Weekly disconnects are commonplace for
any point-to-point connection. In larger clusters, assume daily TCP
disconnects.
* The network is likely to deliberately fault-inject to verify the system
is robust under noise (Chaos-monkey strategies).
In this setting, the lure of having TLS would be that you don't have to
build a virtual network which also encrypts. Rather, you can just have the
Erlang nodes connect by TLS. It also simplifies the notion of connecting
"into" the cluster from the outside.
The Erlang distribution protocol is quite the contrary to the typical cloud
network though:
* Assumes a mostly stable static network
* Assumes a few static machines
* Assigns names to everything, in a somewhat static way
* Assumes you know every node "beforehand" in many situations
I feel this is the impedance mismatch which is present. Hence my original
pet-peeve: define the scope :)
My own solution would definitely be "screw you, TLS, here is my own public
key registry, vault, and libsodium/enacl :)"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180424/e7d30e4d/attachment.htm>
More information about the erlang-questions
mailing list