Suggestions on TLS, defaults, and documentation


(Charles Lanahan) #1

I want to start out this post that may sound like criticism by saying that I think dgraph is great so far and appreciate all the work that’s gone into it and that TLS authentication is supported this early on (some projects never seem to get around to even thinking about that at the early stages).

However, I went down a rabbit hole at work today trying to set up TLS according to my understanding of best practices and ran into some trouble. I’ll just list my experiences and the dgraph team can take them or leave them.

  1. Right now the TLS configuration documentation is a little weak. It seems like in the future you’ll want people to lean on dgraph cert which isn’t a bad strategy for most users, but it’d be nice if particulars of requirements can be listed so that advanced users could pick their own security configuration choices. Furthermore, I was originally confused by whether I was being led to use dgraph cert or generating certificates via the old openssl generation mechanism. I see there’s an open issue from March for someone to look at this https://github.com/dgraph-io/dgraph/issues/2216 but maybe other things got in the way. As a new user I was confused.
  2. RSA is now considered suspect in the near future (10-20 years) in the cryptographic community. Modern best practice is to use elliptic curve cryptography, especially with simple curves, widely known, that lots of people have looked at. Curve25519 is the typical recommendation.
  3. Maybe the go/crypto libraries are good, but it also might be worthwhile to just have an external dependency on openssl or libnacl due to the number of eyes these projects have had over the years. This is obviously a lot to ask since it’s easier for the dgraph team to distribute without this external dependency, but security is important imo and might be something the team thinks may be worth considering.

So mostly as an end user, I’d prefer security (especially if being shuttled into dgraph cert to manage the TLS implementation) to be a little more configurable based on changing security postures and think that it might be a good idea to use best practices as defaults over RSA.

Filed this feature request on recommendation of a Slack discussion and posted this forum post so that the idea could be discussed. If I can find some free time this weekend to learn Go, I might try to submit some PRs if I can figure it out. Once again, the product is great! This post is just an attempt to help it be better.


(Charles Lanahan) #2

I have more links for information, but the discuss isn’t letting me post them as a new user, sorry 🙁

https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html


(Daniel Mai) #3

Thanks for your feedback. We’ve heard from people that configuring TLS for Dgraph was too cumbersome, which is why dgraph cert now exists. It has only just been released, so we’ll continue to improve it based on experience reports like yours.