Hi, we use SPIRE + TPM for host identity. SPIRE follows the zero trust networking security model, which assumes that network communication is inherently untrustworthy or potentially fully compromised. However, it also assumes that the hardware running SPIRE components can be trusted. In our threat model, we don't fully trust the host (e.g. the one running the SPIRE agent) and are trying to leverage hardware elements (HSM, TPM, etc.) to protect keys.
One of the problems is implementing a feature we call SPIRE agent key binding. In particular:
1. The SPIRE agent key is stored in the TPM (we call it the TPM agent key).
2. The SPIRE server issues the agent certificate only if the CSR is signed by the TPM agent key that lives in the same TPM as the TPM EK and AK.
For 1, we think Spire has very good support. For 2, we tried to verify whether CSR is signed by the TPM agent key in Spire server in node attestation (we set reattestable to true). Specifically, we attach "evidence" in the node attestation payload which is combined with CSRs for the verification. However,
Another way is to let the node attestation plugin verify the CSR. However, the plugin can only access the payload, which does not include the CSR.
We mixed two agent plugins together (key manager and node attestation) to solve the key binding problem. We would like to know if this is the right way to leverage SPIRE node attestation to solve the key binding problem. If not, any suggestions? Thank you!
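To make the binding check in point 2 concrete, here is an added example of the three verifications a server would have to perform, written as stand-alone Go and not taken from SPIRE or from the author's plugins. It assumes the "evidence" attached to the attestation payload is the TPM agent key's public key certified by the AK (what TPM2_Certify would yield); to run offline, ordinary software ECDSA keys stand in for the TPM agent key and the AK, and the AK-over-EK step is assumed to have already been verified by node attestation. The names `Evidence`, `AgentEnrollment`, `buildEnrollment` and `checkKeyBinding` are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"net/url"
)

// Evidence is a constructed stand-in for what the agent attaches to the node
// attestation payload. In a real deployment AttestedPubKeyDER and AKSig would
// come from TPM2_Certify (the TPM certifies the agent key with the AK); here
// the "AK" is a software key so the example runs without a TPM.
type Evidence struct {
	AttestedPubKeyDER []byte // SubjectPublicKeyInfo of the TPM agent key
	AKSig             []byte // ASN.1 ECDSA signature by the AK over sha256(AttestedPubKeyDER)
}

// AgentEnrollment is what the server sees: the CSR plus the evidence.
type AgentEnrollment struct {
	CSRDER   []byte
	Evidence Evidence
}

// newKey generates a P-256 key; in production the agent key never leaves the TPM.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// buildEnrollment plays the agent: sign a CSR with agentKey and have the AK
// certify agentKey's public part.
func buildEnrollment(agentKey, ak *ecdsa.PrivateKey, spiffeID string) (AgentEnrollment, error) {
	u, err := url.Parse(spiffeID)
	if err != nil {
		return AgentEnrollment{}, err
	}
	tmpl := &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: "spire-agent"},
		URIs:    []*url.URL{u},
	}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, tmpl, agentKey)
	if err != nil {
		return AgentEnrollment{}, err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&agentKey.PublicKey)
	if err != nil {
		return AgentEnrollment{}, err
	}
	h := sha256.Sum256(pubDER)
	sig, err := ecdsa.SignASN1(rand.Reader, ak, h[:])
	if err != nil {
		return AgentEnrollment{}, err
	}
	return AgentEnrollment{CSRDER: csrDER, Evidence: Evidence{AttestedPubKeyDER: pubDER, AKSig: sig}}, nil
}

// checkKeyBinding plays the server. akPub is the AK public key the server
// already trusts from EK-based node attestation. All three checks must pass
// before the CSR is worth signing.
func checkKeyBinding(e AgentEnrollment, akPub *ecdsa.PublicKey) error {
	// 1. The evidence really was produced by the trusted AK.
	h := sha256.Sum256(e.Evidence.AttestedPubKeyDER)
	if !ecdsa.VerifyASN1(akPub, h[:], e.Evidence.AKSig) {
		return errors.New("evidence not signed by the trusted AK")
	}
	// 2. The CSR is a valid self-signature by the key it carries.
	csr, err := x509.ParseCertificateRequest(e.CSRDER)
	if err != nil {
		return fmt.Errorf("parse csr: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("csr signature: %w", err)
	}
	// 3. The key inside the CSR is byte-for-byte the key the AK certified.
	if !bytes.Equal(csr.RawSubjectPublicKeyInfo, e.Evidence.AttestedPubKeyDER) {
		return errors.New("CSR public key is not the attested TPM agent key")
	}
	return nil
}

func main() {
	ak, agent := newKey(), newKey()
	e, err := buildEnrollment(agent, ak, "spiffe://example.org/spire/agent/tpm/host1")
	if err != nil {
		panic(err)
	}
	fmt.Println("bound key:", checkKeyBinding(e, &ak.PublicKey))
	// A CSR from a key the AK never certified must be refused.
	rogue, _ := buildEnrollment(newKey(), ak, "spiffe://example.org/spire/agent/tpm/host1")
	rogue.Evidence = e.Evidence
	fmt.Println("rogue key:", checkKeyBinding(rogue, &ak.PublicKey))
}
```

Check 3 is the one that is missing when the node attestation plugin only sees the payload and not the CSR: checks 1 and 2 can each pass on their own, but without comparing the CSR's public key to the certified key, the host can present genuine TPM evidence alongside a CSR for any software key it likes.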