-
Notifications
You must be signed in to change notification settings - Fork 240
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to enable TLS Security for CTLog server #1522
Comments
Are there any specific concerns about tampering of data? Operations against a CT log are verifiable because of crypto primitives outside of TLS, which would allow the parties involved to detect tampered data. Merkle trees do a great job of preventing tampering! In the event that you want to also add TLS to a CT log, would running it behind an nginx TLS proxy work for you? |
Thank you for confirming that the operations against CTlog are verifiable. We are also willing to enable TLS over all our services (including CT log) - In our stack, an application "Fulcio" is writing into CT log, which itself, writes and reads from Trillian. We are thinking to enable TLS, on both CT log and Trillian. Regarding the suggestion of using an nginx TLS proxy, that could be a practical solution. Fulcio would verify the certificates of nginx instead. |
The CTLog server currently operates without TLS encryption, which poses security risks such as potential interception and tampering of data during transmission. To enhance the security of the server and protect the integrity and privacy of the data being logged and transmitted, it is crucial to implement TLS (Transport Layer Security) for CTLog server.
The text was updated successfully, but these errors were encountered: