Large-scale issuing of host certs in a member-integrated or institutional CA environment
Initial use case
• Centrally managed large data centres
• Example: CERN, >> 10 000 systems
• Institutional properties
• operating (as an EIRO) an institutionally-embedded CA, but could also be an automated RA for an external CA ...
• managed hosts in a physically controlled environment
• fully centralised configuration management
Aim: provision host certs in a scalable and secure way
Workflow
• Step 1: A new server put into production in the CERN Computer Center contacts the Configuration Manager servers and signals that it requires a host certificate.
• Step 2: After validating the requester, a Configuration Manager server requests a host certificate of the new template on behalf of the server from step 1. Only Configuration Manager servers possessing a valid Robot certificate are able to do this; Robot certificates are installed on them manually, following the standard through-the-website procedure.
• Step 3: The requests from step 2 are sent securely to the CERN CA through a dedicated web service (not a website).
• Step 4: The reply from the CERN CA is sent back to the server from step 1.
Obvious pros and cons
• With O(1000) requests, humans cannot accurately check them all for correctness: an automated process reduces the number of errors
• Close integration with the CA request process reduces the number of hand-offs between admin, RA and CA
• Automated processes can make errors as well, and very fast indeed
• Identification of 'new' computer hardware is non-trivial
• Humans are good at identifying oddities, which makes some attack modes harder to exploit
Proposal
• Full discussion in January (Ljubljana)
• extended description will be given by Alexey (CERN)
• assess risks and opportunities
• Needs description in CP/CPS
• address attacks on CM servers (cf. the recent attacks on automated CAs, such as Comodo, DigiNotar, ...)
• heuristics to mitigate risk (correlation with installations, domain checks, time-of-day, etc.)
• identification of requesting machines? How can that be done? TPM, MAC, network, ...
• Case should be supported – scaling really needed!
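Added example, not CERN's code and not part of the original slides: a toy model of the workflow slide (CM server acting as automated RA, robot-authenticated request, CA-side decision) combined with the risk-mitigation heuristics listed in the proposal (correlation with installations, domain checks, time-of-day, per-robot rate limit). Everything is an assumption chosen for illustration: the domain `cern.ch`, the robot identifier `cm-server-01`, the inventory record, the 24-hour install window, the working-hours range and the rate limit; an HMAC key stands in for the robot certificate, and "issuing" is only recorded as a decision rather than producing a real X.509 certificate.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta

# All values below are constructed for the example; none come from CERN.
ALLOWED_DOMAIN = "cern.ch"                                  # assumption: hosts must sit under this domain
ROBOT_KEYS = {"cm-server-01": b"constructed-robot-secret"}  # HMAC key stands in for a robot certificate
MAX_REQUESTS_PER_HOUR = 50                                  # assumption: per-robot rate limit
INSTALL_WINDOW = timedelta(hours=24)                        # assumption: request must follow a recent install
WORKING_HOURS = range(6, 22)                                # assumption: installs happen during the day

# Constructed inventory as the configuration manager would know it: hostname -> MAC and install time.
INVENTORY = {
    "lxplus042.cern.ch": {"mac": "00:11:22:33:44:55", "installed_at": datetime(2011, 12, 5, 9, 30)},
}


def sign_request(robot_id: str, request: dict) -> dict:
    """Step 2: the CM server wraps the host's request and authenticates it with its robot credential."""
    body = json.dumps(request, sort_keys=True).encode()
    tag = hmac.new(ROBOT_KEYS[robot_id], body, hashlib.sha256).hexdigest()
    return {"robot": robot_id, "body": body.hex(), "tag": tag}


def verify_envelope(envelope: dict):
    """Step 3: the CA web service accepts only envelopes from a known robot with a valid tag."""
    key = ROBOT_KEYS.get(envelope.get("robot"))
    if key is None:
        return None
    body = bytes.fromhex(envelope["body"])
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        return None
    return json.loads(body)


def _in_domain(name: str) -> bool:
    # Reject wildcards and any name outside the institutional domain.
    return "*" not in name and name.endswith("." + ALLOWED_DOMAIN)


def check_request(request: dict, now: datetime, robot_id: str, requests_last_hour: dict) -> list:
    """Heuristics from the proposal slide. Returns the reasons to reject; an empty list means issue."""
    reasons = []
    host = request.get("hostname", "")
    if not _in_domain(host):
        reasons.append("hostname outside " + ALLOWED_DOMAIN)
    for san in request.get("sans", []):
        if not _in_domain(san):
            reasons.append("SAN outside domain: " + san)
    record = INVENTORY.get(host)
    if record is None:
        reasons.append("host not in configuration inventory")
    else:
        if record["mac"] != request.get("mac"):
            reasons.append("MAC does not match inventory")
        # Correlate with installations: the cert request must follow a recent install of this host.
        if not (timedelta(0) <= now - record["installed_at"] <= INSTALL_WINDOW):
            reasons.append("no installation correlated with request")
    if now.hour not in WORKING_HOURS:
        reasons.append("request outside working hours")
    if requests_last_hour.get(robot_id, 0) >= MAX_REQUESTS_PER_HOUR:
        reasons.append("robot rate limit exceeded")
    return reasons


def handle_envelope(envelope: dict, now: datetime, requests_last_hour: dict) -> tuple:
    """CA side of the pipeline: authenticate the robot, then apply the heuristics."""
    request = verify_envelope(envelope)
    if request is None:
        return ("rejected", ["robot authentication failed"])
    reasons = check_request(request, now, envelope["robot"], requests_last_hour)
    if reasons:
        return ("rejected", reasons)
    requests_last_hour[envelope["robot"]] = requests_last_hour.get(envelope["robot"], 0) + 1
    # Step 4: a real CA would sign a certificate here; the example only records the decision.
    return ("issued", request["hostname"])


if __name__ == "__main__":
    now = datetime(2011, 12, 5, 10, 0)
    counts = {}
    good = sign_request("cm-server-01", {"hostname": "lxplus042.cern.ch",
                                         "mac": "00:11:22:33:44:55", "sans": ["lxplus042.cern.ch"]})
    print(handle_envelope(good, now, counts))
    bad = sign_request("cm-server-01", {"hostname": "login.example.org",
                                        "mac": "00:11:22:33:44:55", "sans": ["*.cern.ch"]})
    print(handle_envelope(bad, now, counts))
    forged = dict(good, tag="00" * 32)   # valid body, wrong tag: a request not from a robot
    print(handle_envelope(forged, now, counts))
```

The point of the structure is that robot authentication and the heuristics are independent layers: a compromised CM server still presents a valid robot tag, so the inventory correlation, domain and wildcard checks, time-of-day and rate limit are what bound the damage, which is the concern the proposal raises about attacks on the CM servers.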