Presentation: Practical mTLS: Security Without the Headaches

Track: Building Security Infrastructure

Location: Plymouth - Royale, 6th fl.


Level: Intermediate - Advanced

Persona: Architect, CTO/CIO/Leadership, Developer, Security Professional

Abstract

Over the last few years, more and more system administrators and developers have become concerned about guaranteeing the authenticity, integrity, and confidentiality of their network communications. TLS has emerged as the solution recommended by security practitioners for all these problems. Let's Encrypt makes it easy to get a lock icon on a web browser, but in many cases public certificate authorities are inappropriate for private and internal uses. How can you mutually authenticate and secure communication between the services internal to your own infrastructure?

Unfortunately, setting up and maintaining the necessary Public Key Infrastructure that allows applications to communicate via mutual TLS is operationally challenging, contributing to the slow adoption of these security best practices.

Enter Docker Swarm, a container orchestrator that significantly simplifies the operational complexities around issuance, renewal and distribution of TLS certificates for your nodes. This talk discusses in detail the implementation challenges of Swarm, how we greatly reduced the overhead of managing an infrastructure that makes use of TLS certificates, and how we added features such as transparent root key rotation that reduce the risk of key compromise and significantly increase the usability of Public Key Infrastructure.

Speaker: Ying Li

Security Engineer @Docker

Ying Li is a security engineer at Docker, based in San Francisco, focused on building security features for projects and products. Prior to Docker, Ying worked on the autoscaling system at Rackspace.
