[HN Gopher] A Kubernetes engineer's guide to mTLS
       ___________________________________________________________________
        
       A Kubernetes engineer's guide to mTLS
        
       Author : PagCat
       Score  : 23 points
       Date   : 2021-08-27 16:37 UTC (6 hours ago)
        
 (HTM) web link (buoyant.io)
 (TXT) w3m dump (buoyant.io)
        
       | williamallthing wrote:
       | Just published this earlier this morning. Would love your
       | comments and corrections. TLS is a huge topic and I'm sure I got
       | something wrong in here.
        
       | mdaniel wrote:
       | Please include the one extra character that turns on `--fail` for
       | curl, lest `HTTP/2 500\r\ncontent-type: text/html` sent right
       | into a shell ruin some user's day
       | 
       |     curl -fsL run.linkerd.io/install | sh
       | 
       | and, while I can appreciate how slick it may look, in a post
       | about mTLS including the protocol can save someone the coffee
       | shop/hotel intercepting the request and violating the
       | Authenticity tenet, to say nothing of, again, sending html into
       | shell
       | 
       |     curl -fsL https://run.linkerd.io/install | sh
       | 
       | I didn't bother to read the relevant scripts, but it's very, very
       | likely they contain bash-isms, in which case those other 2
       | characters can also lead to better outcomes:
       | 
       |     curl -fsL https://run.linkerd.io/install | bash
        
         | noobquestion81 wrote:
         | Funny, the point of TLS is to prevent MITM attackers from
         | reading traffic. The two install commands provided would give a
         | LAN or MITM attacker root on your host.
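
The flags discussed in this thread, combined into a download-then-run wrapper. This is an added example, not part of any comment above and not Linkerd's own script; the function names (`require_https`, `fetch_installer`, `looks_like_script`, `install_from`) are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: fetch an installer to a file, sanity-check it, then run it,
# instead of piping curl straight into a shell.
# Usage (not executed here): install_from https://run.linkerd.io/install

# Refuse anything but an explicit https:// URL before curl is even invoked.
require_https() {
  case "$1" in
    https://*) return 0 ;;
    *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
  esac
}

# Download to a file. --fail makes curl exit non-zero on HTTP >= 400, so an
# error page is never saved as if it were the script; --proto and
# --proto-redir keep the request and any redirects on HTTPS.
fetch_installer() {
  url=$1; dest=$2
  require_https "$url" || return 1
  curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' --tlsv1.2 \
       --output "$dest" "$url"
}

# A shell script starts with "#!"; an HTML error body does not. This catches
# a wrong response, not a tampered script: authenticity still rests on TLS.
looks_like_script() {
  [ -s "$1" ] || return 1
  first=$(head -c 2 "$1")
  [ "$first" = "#!" ]
}

# Fetch, check, then hand the file to bash (the script may use bash-isms).
install_from() {
  tmp=$(mktemp) || return 1
  if fetch_installer "$1" "$tmp" && looks_like_script "$tmp"; then
    bash "$tmp"; rc=$?
  else
    echo "download failed or is not a script; nothing executed" >&2; rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}
```

Saving to a file first also leaves a copy that can be read before it is executed.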
        
       ___________________________________________________________________
       (page generated 2021-08-27 23:02 UTC)