Hacker News

I would argue that if you have services then the right place to put encryption and authentication is at the service level. Building secure channels between IP addresses is all good, but do you really want to map roles/identities/privileges to specific IP addresses if those roles/identities/privileges really represent services?


Why not? The IPs are cryptographically mapped to a specific client. Doesn’t stop one from using DNS to find the IP.

Like I said: differently complex but it’s a general solution to the problem and doesn’t require changing more “inner” things as much.


What if you end up spinning up more than one container for that service?

How are these containers getting the different secrets they need to identify themselves? Are you attaching IAM roles to them to get secrets from some secret store?


Said it twice before: differently complex. There are plenty of potential “solutions” to the specific scenario you’re describing, but my original comment was more “generally consider X instead of Y so you don’t have to care about Z” rather than “use X in this specific way and it will simply solve every problem with Y”.
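The disagreement above (privileges keyed to a verified service identity versus privileges keyed to a tunnel endpoint, and what happens when a second container of the same service appears) can be made concrete. The following is an added example, not code from any of the commenters or from the page: it models the tunnel layer as a map from IP to the key that endpoint authenticated with, models a client certificate as a toy credential (an issuer HMAC over a SPIFFE-style identity string), and uses made-up addresses, keys and privilege names. Real deployments would use a CA-signed certificate and a tunnel such as WireGuard instead of these stand-ins.

```python
"""Identity-keyed vs IP-keyed authorization. Added illustration for the thread above;
the identity scheme, policy shapes, keys and addresses are all constructed for the demo."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Assumed trust anchor: the key held by whatever issues service credentials (stand-in for a CA).
ISSUER_KEY = b"demo-issuer-key-do-not-reuse"


@dataclass(frozen=True)
class Credential:
    """Toy stand-in for a client certificate: a service identity plus an issuer MAC over it."""
    identity: str  # e.g. "spiffe://example.org/billing" (naming scheme assumed)
    tag: bytes


def issue_credential(identity: str) -> Credential:
    """What a secret store or CA hands a workload once it has proven its role."""
    tag = hmac.new(ISSUER_KEY, identity.encode(), hashlib.sha256).digest()
    return Credential(identity, tag)


def verified_identity(cred: Optional[Credential]) -> Optional[str]:
    """Return the identity if the credential carries a valid issuer tag, else None."""
    if cred is None:
        return None
    expected = hmac.new(ISSUER_KEY, cred.identity.encode(), hashlib.sha256).digest()
    return cred.identity if hmac.compare_digest(expected, cred.tag) else None


@dataclass(frozen=True)
class Peer:
    ip: str                      # address the packets arrive from
    tunnel_key: Optional[bytes]  # key the tunnel layer authenticated this endpoint with
    cred: Optional[Credential]   # service-level credential presented, if any


def authorize_by_ip(tunnel: Dict[str, bytes], policy: Dict[str, Set[str]],
                    peer: Peer, privilege: str) -> bool:
    """IP-keyed model: the tunnel binds one key to one IP, and privileges hang off the IP."""
    bound_key = tunnel.get(peer.ip)
    if bound_key is None or peer.tunnel_key is None:
        return False
    if not hmac.compare_digest(bound_key, peer.tunnel_key):
        return False
    return privilege in policy.get(peer.ip, set())


def authorize_by_identity(policy: Dict[str, Set[str]], peer: Peer, privilege: str) -> bool:
    """Identity-keyed model: privileges hang off the verified service identity; the IP is not consulted."""
    ident = verified_identity(peer.cred)
    return ident is not None and privilege in policy.get(ident, set())


def demo() -> Dict[str, bool]:
    billing = "spiffe://example.org/billing"  # assumed identity for the billing service
    priv = "ledger:write"
    role_cred = issue_credential(billing)     # one credential per role, shared by its replicas

    # Constructed tunnel state: one key per endpoint, bound to that endpoint's address.
    key1, key2 = b"replica-1-tunnel-key", b"replica-2-tunnel-key"
    tunnel = {"10.0.0.5": key1}
    ip_policy = {"10.0.0.5": {priv}}
    id_policy = {billing: {priv}}

    replica1 = Peer("10.0.0.5", key1, role_cred)
    replica2 = Peer("10.0.0.9", key2, role_cred)  # second container of the same service, new IP and key
    forged = Peer("10.0.0.9", key2, Credential(billing, b"\x00" * 32))  # claims the role without the issuer tag

    results = {
        "ip/replica1": authorize_by_ip(tunnel, ip_policy, replica1, priv),
        "ip/replica2_before": authorize_by_ip(tunnel, ip_policy, replica2, priv),
        "id/replica1": authorize_by_identity(id_policy, replica1, priv),
        "id/replica2": authorize_by_identity(id_policy, replica2, priv),
        "id/forged": authorize_by_identity(id_policy, forged, priv),
    }
    # Under the IP model, scaling out means provisioning a tunnel key for the new endpoint
    # AND adding a policy row for its address; the identity model needed neither.
    tunnel["10.0.0.9"] = key2
    ip_policy["10.0.0.9"] = {priv}
    results["ip/replica2_after"] = authorize_by_ip(tunnel, ip_policy, replica2, priv)
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:20} {'allow' if allowed else 'deny'}")
```

The second replica is denied under the IP-keyed policy until both the tunnel binding and the policy row are extended, which is the per-container provisioning step the thread asks about; under the identity-keyed policy it is allowed as soon as it holds the role credential, and a peer that merely asserts the identity without a valid issuer tag is rejected regardless of which address it speaks from.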



