Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Excerpt

To prevent anybody

...

from eavesdropping on the bit repository data and messages exchanged, all communication is encrypted.

...

 


Child pages (Children Display)
depth3
styleh3
excerpttrue
excerptTypesimple

Implemented in BITMAG-198@jira

Encrypting the communication between pillars/clients and the coordinating layer

...

Messagebus communication

All protocol messages are exchanged via the messagebus (coordinating layer). To prevent anyone not part of the repository from eavesdropping, the communication is encrypted preferably using mutual TLS (mTLS). 

The use of mTLS ensures that a component (pillar or client) will only communicate with a trusted messagebus and the messagebus will refuse connections to unknown components. 

Instructions for setting up ActiveMQ to use ssl certificates can be found here: http://activemq.apache.org/how-do-i-use-ssl.html

Additional information can be found here:

http://timbish.blogspot.com/2010/04/ussing-ssl-in-nmsactivemq.html

Signing and optionally encrypting messages and data transfers

To ensure the authenticity of exchanged messages, they may be signed and optionally encrypted for confidentiality. Data transfers may be encrypted as well, using HTTPS. The certificates used for signing og encrypting data and messages are issued by the SLA owners - possibly assisted by the coordinating body.

...

. Additionally it should be ensured that only encrypted connections are available and that the ssl connector have the parameters "?wantClientAuth=true&needClientAuth=true" in its uri, this forces the use of mTLS. 

FileExchange

To exchange data a concept of FileExchange exists. Which protocols are supported is not set in stone, but caution should be taken to ensure that traffic is encrypted. 

The reference FileExchange is a WebDAV over a https (mTLS) connection. 

Distribution of certificates

To distribute certificates RepositorySettings is used as the single source of trust in the repository. That also encompasses the infrastructure components such as ActiveMQ and FileExchange. 

When setting up an ActiveMQ or FileExchange (e.g. WebDAV), certificates to trust should be taken from the RepositorySettings permissions section. 

Certificates used with encrypted messagebus and/or FileExchange should follow:

  • The ActiveMQ messagebus should trust certificates with the <InfrastructurePermission>MessageBusClient</InfrastructurePermission>
  • The FileExchange should only trust client certificates with the <InfrastructurePermission>FileExchangeClient</InfrastructurePermission> 
  • Clients and pillars should only trust ActiveMQ instances using certificates with the <InfrastructurePermission>MessageBusServer</InfrastructurePermission>
  • Clients and pillars should only trust FileExchange instances using certificates with the <InfrastructurePermission>FileExchangeServer</InfrastructurePermission>