Browse Source

docs: internals/security: minor fixes

pull/500/head
Dan Frost 10 years ago
parent
commit
84ac7fee60
  1. 9
      website/source/docs/internals/security.html.markdown

9
website/source/docs/internals/security.html.markdown

@ -10,8 +10,8 @@ description: |-
Consul relies on both a lightweight gossip mechanism and an RPC system Consul relies on both a lightweight gossip mechanism and an RPC system
to provide various features. Both of the systems have different security to provide various features. Both of the systems have different security
mechanisms that stem from their designs. However, the goals mechanisms that stem from their designs. However, the overall goal
of Consuls security are to provide [confidentiality, integrity and authentication](http://en.wikipedia.org/wiki/Information_security). of Consul's security model is to provide [confidentiality, integrity and authentication](http://en.wikipedia.org/wiki/Information_security).
The [gossip protocol](/docs/internals/gossip.html) is powered by [Serf](http://www.serfdom.io/), The [gossip protocol](/docs/internals/gossip.html) is powered by [Serf](http://www.serfdom.io/),
which uses a symmetric key, or shared secret, cryptosystem. There are more which uses a symmetric key, or shared secret, cryptosystem. There are more
@ -19,10 +19,11 @@ details on the security of [Serf here](http://www.serfdom.io/docs/internals/secu
The RPC system supports using end-to-end TLS, with optional client authentication. The RPC system supports using end-to-end TLS, with optional client authentication.
[TLS](http://en.wikipedia.org/wiki/Transport_Layer_Security) is a widely deployed asymmetric [TLS](http://en.wikipedia.org/wiki/Transport_Layer_Security) is a widely deployed asymmetric
cryptosystem, and is the foundation of security on the Internet. cryptosystem, and is the foundation of security on the Web, as well as
some other critical parts of the Internet.
This means Consul communication is protected against eavesdropping, tampering, This means Consul communication is protected against eavesdropping, tampering,
or spoofing. This makes it possible to run Consul over untrusted networks such and spoofing. This makes it possible to run Consul over untrusted networks such
as EC2 and other shared hosting providers. as EC2 and other shared hosting providers.
~> **Advanced Topic!** This page covers the technical details of ~> **Advanced Topic!** This page covers the technical details of

Loading…
Cancel
Save