Ok. Tweet thread time! Too long ago I promised to write a screed explaining how much I hated mutual-auth TLS and why. I got distracted, and I wasn't happy with the writing, so here it is in tweet thread form instead! But basically: Client certs and Mutual-Auth TLS are TERRIBAD.
-
Your critique is totally fair in that I don't have much better to offer; signed requests are hard right now, especially DIY. I mainly encounter these issues as an "Apache SSL" person, so I naturally see only the worst issues but I feel like no other authz system has regexes!
-
OTOH, I think there are really fundamental problems with Istio/SPIFFE & other "service mesh" type network security mechanisms, especially regarding the way they (don't) integrate w/ service discovery. OTOH they are trade-offs that are addressing (paying) users' requests.