Loading…
Virtual Event
November 17–November 20, 2020
Learn More and Register to Attend This Event

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2020 - Virtual to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Standard Time (UTC–05:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Wednesday, November 18 • 5:45pm - 6:20pm
PKI the Wrong Way: Simple TLS Mistakes and Surprising Consequences - Tabitha Sable, Datadog

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.


Effective management of TLS certificates and keys is a serious challenge when running Kubernetes at scale. TLS mutual authentication secures all the Kubernetes control plane components, but there are many details that must be right. This talk looks at some of the ways common mTLS configuration mistakes can be abused and how you can reduce that risk. The presentation begins with a tour of the basics of TLS mutual authentication and how it is used by each control plane component. Then, Tabitha will demonstrate several example misconfigurations, exploit them for your education and amusement, and share recommendations to prevent them in your own clusters. You'll leave with a stronger understanding of this essential element of Kubernetes cluster deployment.
Speakers
avatar for Tabitha Sable

Tabitha Sable

Staff Engineer, Datadog
Tabitha Sable never met a system she didn't want to take apart. She serves the Kubernetes community as co-chair of SIG Security and a member of the Security Response Committee. At work, Tabitha leads Runtime Infrastructure Security at Datadog. She writes exploits, hardens infrastructure... Read More →

slides 20201022 pdf
Text Transcript JMML 1600 txt
Wednesday November 18, 2020 5:45pm - 6:20pm EST
Intrado Virtual Event Platform
  Security + Identity + Policy