Fix some doc typos.

pull/4275/head
Paul Banks 7 years ago committed by Jack Pearkes
parent 561bf69511
commit 2a467003a0

@ -49,7 +49,7 @@ Connect relies on to ensure it's security properties.
A service's identity, in the form of an x.509 certificate, will only be issued A service's identity, in the form of an x.509 certificate, will only be issued
to an API client that has `service:write` permission for that service. In other to an API client that has `service:write` permission for that service. In other
words, any client that has permission to _register_ an instance of a service words, any client that has permission to _register_ an instance of a service
will be able to identify as that service and access all of resources that that will be able to identify as that service and access all of the resources that that
service is allowed to access. service is allowed to access.
A secure ACL setup must meet these criteria: A secure ACL setup must meet these criteria:
@ -77,13 +77,13 @@ sufficient for ACL tokens to only be unique per _service_ and shared between
instances. instances.
It is much better though if ACL tokens are unique per service _instance_ because It is much better though if ACL tokens are unique per service _instance_ because
it limit the blast radius of a compromise. it limits the blast radius of a compromise.
A future release of Connect will support revoking specific certificates that A future release of Connect will support revoking specific certificates that
have been issued. For example if a single node in a datacenter has been have been issued. For example if a single node in a datacenter has been
compromised, it will be possible to find all certificates issued to the agent on compromised, it will be possible to find all certificates issued to the agent on
that node and revoke them. This will block all access to the intruder without that node and revoke them. This will block all access to the intruder without
taking unaffected instances of the service(s) on that node offline too. taking instances of the service(s) on other nodes offline too.
While this will work with service-unique tokens, there is nothing stopping an While this will work with service-unique tokens, there is nothing stopping an
attacker from obtaining certificates while spoofing the agent ID or other attacker from obtaining certificates while spoofing the agent ID or other
@ -103,15 +103,19 @@ Vault](https://www.vaultproject.io/docs/secrets/consul/index.html).
## Configure Agent Transport Encryption ## Configure Agent Transport Encryption
Consul's gossip (UDP) and RPC (TCP) communications need to be encrypted Consul's gossip (UDP) and RPC (TCP) communications need to be encrypted
otherwise attackers may be able to see tokens and private keys while in flight otherwise attackers may be able to see ACL tokens while in flight
between the server and client agents or between client agent and application. between the server and client agents (RPC) or between client agent and
application (HTTP). Certificate private keys never leave the host they
are used on but are delivered to the application or proxy over local
HTTP so local agent traffic should be encrypted where potentially
untrusted parties might be able to observe localhost agent API traffic.
Follow the [encryption documentation](/docs/agent/encryption.html) to ensure Follow the [encryption documentation](/docs/agent/encryption.html) to ensure
both gossip encryption and RPC TLS are configured securely. both gossip encryption and RPC/HTTP TLS are configured securely.
For now client and server TLS certificates are still managed by manual For now client and server TLS certificates are still managed by manual
configuration. In the future we plan to automate more of that with the same configuration. In the future we plan to automate more of that with the same
mechanisms connect offers to user applications. mechanisms Connect offers to user applications.
## Bootstrap Certificate Authority ## Bootstrap Certificate Authority
@ -202,4 +206,4 @@ integrate](/docs/connect/native.html) with connect.
If using any kind of proxy for connect, the application must ensure no untrusted If using any kind of proxy for connect, the application must ensure no untrusted
connections can be made to it's unprotected listening port. This is typically connections can be made to it's unprotected listening port. This is typically
done by binding to `localhost` and only allowing loopback traffic, but may also done by binding to `localhost` and only allowing loopback traffic, but may also
be achieved using firewall rules or network namespacing. be achieved using firewall rules or network namespacing.

Loading…
Cancel
Save