nanog mailing list archives

Re: Trivial change in Public Cert behaviour coming soon

From: Grant Taylor via NANOG <nanog () lists nanog org>
Date: Fri, 23 May 2025 21:53:55 -0500

On 5/23/25 9:48 PM, Chris Adams via NANOG wrote:

If you have such a complicated multi-server setup that includes aneed to encrypt your internal traffic, you should definitely be usingsome configuration management system to make sure you have all theencryption set correctly


The tooling used (or not) is orthogonal to the discussion at hand.

at which point another cert is a trivial amount of effort.


The tooling doesn't alter the need for a second certificate & key.

Nor does the tooling speak to the added complexity / risks of a private CA.

Sometimes multi-server can be as few as two or three servers. Andthere's no guarantee that they are the same OS or otherwise use the sameconfiguration. So ... configuration management becomes even more overhead.




--
Grant. . . .
_______________________________________________

NANOG mailing listhttps://lists.nanog.org/archives/list/nanog () lists nanog org/message/MXRO4B7CZC34KZ5FY4JIYIKXTANTYLN7/

Current thread:

Re: Massive change in Public Cert behaviour coming soon, (continued)
- - - Re: Massive change in Public Cert behaviour coming soon John R. Levine via NANOG (May 27)
    - Re: Massive change in Public Cert behaviour coming soon Grant Taylor via NANOG (May 27)
    - Re: Massive change in Public Cert behaviour coming soon Eliot Lear via NANOG (May 27)
    - Re: Massive change in Public Cert behaviour coming soon Crist Clark via NANOG (May 27)
    - Re: Massive change in Public Cert behaviour coming soon Grant Taylor via NANOG (May 27)
    - Re: Trivial change in Public Cert behaviour coming soon John Levine via NANOG (May 27)
    - Re: Trivial change in Public Cert behaviour coming soon Grant Taylor via NANOG (May 27)
    - Re: Trivial change in Public Cert behaviour coming soon John Levine via NANOG (May 27)
    - Re: Trivial change in Public Cert behaviour coming soon Grant Taylor via NANOG (May 27)
    - Re: Trivial change in Public Cert behaviour coming soon Chris Adams via NANOG (May 27)
    - Re: Trivial change in Public Cert behaviour coming soon Grant Taylor via NANOG (May 27)
    - Re: Massive change in Public Cert behaviour coming soon brent saner via NANOG (May 27)
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: Massive change in Public Cert behaviour coming soon Tom Beecher via NANOG (May 27)
    - Re: Massive change in Public Cert behaviour coming soon Jay Acuna via NANOG (May 27)
    - Re: Massive change in Public Cert behaviour coming soon William Herrin via NANOG (May 27)
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Message not available
    - Re: Massive change in Public Cert behaviour coming soon nanog--- via NANOG (May 27)
    - Re: Massive change in Public Cert behaviour coming soon William Herrin via NANOG (May 27)
    - Re: Massive change in Public Cert behaviour coming soon Christian de Larrinaga via NANOG (May 19)
    - Re: Massive change in Public Cert behaviour coming soon Tom Beecher via NANOG (May 19)
    - Re: Massive change in Public Cert behaviour coming soon Jay Acuna via NANOG (May 19)
    - Re: Massive change in Public Cert behaviour coming soon John Levine via NANOG (May 19)