Move own CA transport layer mtls guidance to security docs #3932
Conversation
🔍 Preview links for changed docs |
…tent into self-tls-considerations
DaveCTurner
left a comment
DaveCTurner
left a comment
There was a problem hiding this comment.
I'm in transit at the moment and the wifi here is awful so this isn't a complete review, but overall looks good. I left some comments but will follow with more tomorrow.
…tent into self-tls-considerations
DaveCTurner
left a comment
DaveCTurner
left a comment
There was a problem hiding this comment.
Some pedantry about the page title & URL and one other comment, otherwise this looks great.
|
@DaveCTurner thanks for all of the feedback. let me know if you think there is anything else :) also dropped a comment in elastic/elasticsearch#137688 to close the loop |
DaveCTurner
left a comment
DaveCTurner
left a comment
There was a problem hiding this comment.
LGTM thanks for all your work on this @shainaraskas!
| @@ -0,0 +1,5 @@ | |||
| :::{warning} | |||
| Transport connections between {{es}} nodes are security-critical and you must protect them carefully. Malicious actors who can observe or interfere with node-to-node transport traffic can read or modify cluster data. A malicious actor who can establish a transport connection might be able to invoke system-internal APIs, including APIs that read or modify cluster data. | |||
There was a problem hiding this comment.
Is sentence 3 an explanation of sentence 2, or is it a separate thing? If it's an explanation, you could clarify that by saying something like:
| Transport connections between {{es}} nodes are security-critical and you must protect them carefully. Malicious actors who can observe or interfere with node-to-node transport traffic can read or modify cluster data. A malicious actor who can establish a transport connection might be able to invoke system-internal APIs, including APIs that read or modify cluster data. | |
| Transport connections between {{es}} nodes are security-critical and you must protect them carefully. Malicious actors who can observe or interfere with node-to-node transport traffic are a threat to your data's security. For example, a malicious actor who can establish a transport connection might be able to invoke system-internal APIs, including APIs that read or modify cluster data. |
There was a problem hiding this comment.
@DaveCTurner can you answer this? not sure if these two statements technically mean two different things
|
|
||
| You might choose to use an external CA to generate transport certificates for node-to-node connections. An external CA is any CA that is not managed using `elasticsearch-certutil`. | ||
|
|
||
| Transport connections between {{es}} nodes are security-critical and you must protect them carefully. Malicious actors who can observe or interfere with unencrypted node-to-node transport traffic can read or modify cluster data. A malicious actor who can establish a transport connection might be able to invoke system-internal APIs, including APIs that read or modify cluster data. |
There was a problem hiding this comment.
If you end up editing the own-ca-warning.md snippet based on my suggestions, apply the same changes here
Also, shouldn't this also be in a warning block? That way you can even reuse the snippet here
There was a problem hiding this comment.
this section JUST has the warning in it basically, which makes a warning block look wonky. that's why I skipped it.
was lazy with refactoring nesting on places where I had to include the warning block which is why this text doesn't use the snippet content
wajihaparvez
left a comment
wajihaparvez
left a comment
There was a problem hiding this comment.
LGTM! Suggested some minor edits
Ports over and lightly edits the content from elastic/elasticsearch#137688
also interlinks from every place where we introduce opportunities to BYO cert for transport mTLS.
core change: deploy-manage/security/external-ca-transport.md (placed so it applies to both ECK and fully self-managed deployments)