Page MenuHomePhabricator
Create Task
Maniphest T240863

Secure shared ticket key rotation for anycast authdns
Closed, DeclinedPublic
Actions

Description

Before we turn on anycasting for authdns, we'll want to create a mechanism for rotating ticket keys frequently and distributing them securely to tmpfs on the servers. This will allow session resumption to not be perturbed by anycast fluctuations.

Related Objects
Search...

Event Timeline

BBlack created this task.Dec 16 2019, 2:52 PM
BBlack mentioned this in T239994: Implement DNS-over-TLS for AuthDNS.Dec 16 2019, 5:09 PM
ema triaged this task as Medium priority.Dec 20 2019, 12:34 PM
ema moved this task from Backlog to Some old column on the Traffic board.
BBlack closed this task as Declined.May 19 2020, 4:43 PM

There's not much DoTLS adoption so far, and really our primary HTTPS termination needs this more than AuthDNS does, at which point we can just copy whatever solution emerges there.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits