One of the things that has surprised me about k8s and the CNCF projects is the love for authentication using mutual-auth TLS. Google ALTS seems to be a common inspiration. I can't find many papers/blogs on why request auth is better than channel auth. Anyone have pointers?
-
How is request auth here better? (I'm assuming by "request auth" you mean a bearer token.) Suffers from the same truncation attack. If you are referring to fully authenticated messages, agreed they have a number of benefits; I'm not certain why they're so thinly deployed.
-
I definitely do not mean a bearer token. Check out our SIGv4 algorithm; https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html …