Would OWASP be interested in publishing a guide on how to do cross-organization mTLS? #991

Open
MarkSRobinson opened this issue Sep 9, 2024 · 5 comments

Comments

@MarkSRobinson

I've been working with cross-organization mTLS for quite a while and the standard guidance (just do whatever you want) is remarkably terrible.

Would OWASP be interested in publishing a guide on how to do it right that focuses on security, operations, and not emailing certificates around?

@kingthorin
Contributor

Sure. Not sure if it's best here or as part of the cheat sheet series. Lemme see if I can drum up some other input.

@bkimminich
Member

Agree that this sounds like a good Cheat Sheet! Maybe there's even one where this could fit in already?

@kwwall

kwwall commented Sep 15, 2024

@MarkSRobinson - Would you mind bringing this up as an issue for the OWASP Cheat Sheet Series at https://github.com/OWASP/CheatSheetSeries/issues ? I am both a contributor and reviewer of Cheat Sheets and I think this would be more appropriate there. Thanks.

@oej

oej commented Sep 16, 2024

There is a discussion in the IETF UTA wg about writing specs for mTLS which is missing.

@MarkSRobinson
Author

@kwwall Good idea - OWASP/CheatSheetSeries#1492
