Task #7378

Updated by Nico Schottelius almost 5 years ago

h2. draft 1: "https only" 

 * Block everything incoming besides https 
 * Reasoning: 
 ** containers are insecure by default 
 ** if https is open -> it is likely intended 
 * container types (brainstorming) 
 ** databases 
 ** message broker 
 ** workers (probably not even reachable) 
 ** a lot of http only stuff 
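
One way draft 1 could look as an nftables ruleset on the container host. This is an added example, not part of the task notes; the uplink interface name and the container prefix (an IPv6 documentation prefix) are assumed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example for draft 1 ("https only"); names and prefixes are assumptions.

define uplink        = "eth0"              # assumed uplink interface of the host
define container_net = 2001:db8:42::/64    # placeholder prefix routed to containers

table inet container_https_only {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Only traffic entering from the uplink towards containers is policed;
        # container-to-container and outgoing traffic is left untouched.
        iifname $uplink ip6 daddr $container_net jump to_containers
    }

    chain to_containers {
        # Replies to connections the containers opened themselves. ICMPv6
        # errors that belong to such a connection (for example packet-too-big,
        # needed for path MTU discovery) match here as "related".
        ct state established,related accept
        ct state invalid drop

        # draft 1: https is the only new incoming connection that is allowed.
        tcp dport 443 ct state new accept

        # Databases, message brokers, workers and plain http stay unreachable
        # from outside; the counter shows how often that is hit.
        counter drop
    }
}
```

`nft -c -f <file>` checks the ruleset without loading it, and `nft list chain inet container_https_only to_containers` shows the drop counter once it is active.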

h2. draft 2: TLS/SSL in a container 

 * get a name 
 * get a cert 
 * TBD 

h2. draft 3: "NAT66 + firewall" 

 * Use the same approach as in IPv4 world 
 * We use site-local IPv6 addresses 
 * Do a NAT66 to the one IPv6 address of the host 
 * People can behave as before and keep similar mechanisms 
