@ -10,8 +10,8 @@ description: |- |
|
|
|
|
|
|
|
|
|
|
|
Consul relies on both a lightweight gossip mechanism and an RPC system |
|
|
|
Consul relies on both a lightweight gossip mechanism and an RPC system |
|
|
|
to provide various features. Both of the systems have different security |
|
|
|
to provide various features. Both of the systems have different security |
|
|
|
mechanisms that stem from their designs. However, the goals |
|
|
|
mechanisms that stem from their designs. However, the overall goal |
|
|
|
of Consuls security are to provide [confidentiality, integrity and authentication](http://en.wikipedia.org/wiki/Information_security). |
|
|
|
of Consul's security model is to provide [confidentiality, integrity and authentication](http://en.wikipedia.org/wiki/Information_security). |
|
|
|
|
|
|
|
|
|
|
|
The [gossip protocol](/docs/internals/gossip.html) is powered by [Serf](http://www.serfdom.io/), |
|
|
|
The [gossip protocol](/docs/internals/gossip.html) is powered by [Serf](http://www.serfdom.io/), |
|
|
|
which uses a symmetric key, or shared secret, cryptosystem. There are more |
|
|
|
which uses a symmetric key, or shared secret, cryptosystem. There are more |
|
|
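Review bot: The unchanged context line "Both of the systems have different security" still reads awkwardly next to the reworded sentence, and since this hunk already touches the paragraph it is worth changing it to "The two systems have different security mechanisms that stem from their designs." Separately, the Wikipedia and serfdom.io links in this hunk use http://; a page describing the security model should link over https:// where the targets support it. The singular "overall goal ... is to provide confidentiality, integrity and authentication" is fine grammatically, but consider "is to provide three properties:" if the list is meant to be read as distinct guarantees.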
@ -19,10 +19,11 @@ details on the security of [Serf here](http://www.serfdom.io/docs/internals/secu |
|
|
|
|
|
|
|
|
|
|
|
The RPC system supports using end-to-end TLS, with optional client authentication. |
|
|
|
The RPC system supports using end-to-end TLS, with optional client authentication. |
|
|
|
[TLS](http://en.wikipedia.org/wiki/Transport_Layer_Security) is a widely deployed asymmetric |
|
|
|
[TLS](http://en.wikipedia.org/wiki/Transport_Layer_Security) is a widely deployed asymmetric |
|
|
|
cryptosystem, and is the foundation of security on the Internet. |
|
|
|
cryptosystem, and is the foundation of security on the Web, as well as |
|
|
|
|
|
|
|
some other critical parts of the Internet. |
|
|
|
|
|
|
|
|
|
|
|
This means Consul communication is protected against eavesdropping, tampering, |
|
|
|
This means Consul communication is protected against eavesdropping, tampering, |
|
|
|
or spoofing. This makes it possible to run Consul over untrusted networks such |
|
|
|
and spoofing. This makes it possible to run Consul over untrusted networks such |
|
|
|
as EC2 and other shared hosting providers. |
|
|
|
as EC2 and other shared hosting providers. |
|
|
|
|
|
|
|
|
|
|
|
~> **Advanced Topic!** This page covers the technical details of |
|
|
|
~> **Advanced Topic!** This page covers the technical details of |
|
|
|
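Review bot: The sentence "This means Consul communication is protected against eavesdropping, tampering, and spoofing" is stated unconditionally, but the line just above says the RPC system "supports" TLS with "optional client authentication". Changing "or" to "and" strengthens the claim, so it should be qualified to match: for example, "When TLS is enabled with client authentication, Consul communication is protected against ...", so readers do not assume an out-of-the-box deployment on "untrusted networks such as EC2" has all three protections. The new wording "some other critical parts of the Internet" is also vague; either name what is meant or drop the clause.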