On Thu, 2006-08-31 at 18:17 +0100, Mark McLoughlin wrote:
> On Thu, 2006-08-31 at 10:32 -0600, Jeffrey Law wrote:
>
> > By distributing the puppet CA cert in the OS image we get the
> > end-to-end secured channel.
>
> Right, or if you were doing something similar with SSH, the OS image
> would contain the server's host key fingerprint in known_hosts.

Right.

>
> > The weak link at this point becomes dhcp/tftp. Mr. bad guy
> > would need to attack that point so that he could serve a
> > different OS image with a different CA cert. If successful
> > mr. bad guy could then run a successful MITM and give the
> > client/victim bogus ssh keys. I'm not immediately aware of
> > anyone that's looked at hardening dhcp/tftp.
>
> Yep, only real solution to that would be that you'd do the initial
> bootstrapping by booting a CD containing the OS image.

Agreed. Burning the OS image to a DVD would be trivial...

And since we're already running the client side imaging from within
a readonly-root environment, it would probably "just work".

What's interesting is that in some secure environments, network
installs may be the preferred method -- handling of physical media,
particularly removable media, is highly discouraged. Just a piece
of trivia....

jeff