Re: [MirageOS-devel] TLS deployments/feedback needed
On 20 May 2015 at 14:40, Amir Chaudhry <amc79@xxxxxxxxx> wrote:
> Hi folks,
>
> The TLS work is proceeding well and you might have noticed that
> https://mirage.io is working, which is using the TLS stack. Since we're on
> the brink of doing some releases, it's important that we get a few more
> actual deployments out there to gather more feedback and highlight any issues.
>
> I'm inviting folks on this list to try out OCaml-TLS with some of the things
> they've already built. Specifically, I'm wondering if:
>
> Thomas Leonard - Would you (have you already) got the new stuff working with
> your REST service? How about Cuekeeper?

Actually, I just got CueKeeper working with the new TLS stuff today. It's on my experimental "server" branch:

https://github.com/talex5/cuekeeper/tree/server

The README explains how to generate a self-signed certificate and add it to your browser.

However, CueKeeper+server has many missing pieces at the moment:

- You have to click the Sync button every time you want to sync. It doesn't do it automatically.
- There's no access control. Anyone can connect to your server (over TLS) and read/modify anything :-)
- There's no certificate pinning, so anyone with a certificate from a rogue CA can impersonate your service.
- The server doesn't persist the data on reboot (it will resync from the client instead).

However, it's still useful to sync between devices. If it works for anyone else, let me know!

You might have to pin conduit to get the new tls to install. See the travis.yml for the appropriate pins.

> Mindy Preston - Would you be up for trying this out on your static website (i.e.
> run https://somerandomidiot.com)?
>
> Mort - As for Mindy, would you be able to set up https://mort.io?
>
> In fact, *anyone* running a static website could probably have a go at this
> with minimal risk. Until recently, it's only been deployed on the Pinata and
> the TLS handshake site. Although it's worked well - and been stable - for
> those sites, we should try to make sure it's working well when others try it
> out.

Note that Thomas Gazagnaire has made a very nice tool for turning static web-sites into TLS-enabled unikernels automatically:

https://github.com/samoht/mirage-seal

--
Dr Thomas Leonard http://roscidus.com/blog/
GPG: DA98 25AE CAD0 8975 7CDA BD8E 0713 3F96 CA74 D8BA

_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel