Today we announced Geo Key Manager, a feature that gives customers unprecedented control over where their private keys are stored when uploaded to Cloudflare. This feature builds on a previous Cloudflare innovation called Keyless SSL and a novel cryptographic access control mechanism based on both identity-based encryption and broadcast encryption. In this post we’ll explain the technical details of this feature, the first of its kind in the industry, and how Cloudflare leveraged its existing network and technologies to build it.
Cloudflare launched Keyless SSL three years ago to wide acclaim. With Keyless SSL, customers are able to take advantage of the full benefits of Cloudflare’s network while keeping their HTTPS private keys inside their own infrastructure. Keyless SSL has been popular with customers in industries with regulations around the control of access to private keys, such as the financial industry. Keyless SSL adoption has been slower outside these regulated industries, partly because it requires customers to run custom software (the key server) inside their infrastructure.
One of the motivating use cases for Keyless SSL was the expectation that customers may not trust a third party like Cloudflare with their
Cloudflare’s customers recognize that they need to protect the confidentiality and integrity of communications with their web visitors. The widely accepted solution to this problem is to use the SSL/TLS protocol to establish an encrypted HTTPS session, over which secure requests can then be sent. Eavesdropping is prevented because only those who have access to the “private key” can legitimately identify themselves to browsers and decrypt the encrypted requests.
Today, more than half of all traffic on the web uses HTTPS—but this was not always the case. In the early days of SSL, the protocol was viewed as slow as each encrypted request required two round trips between the user’s browser and web server. Companies like Cloudflare solved this problem by putting web servers close to end users and utilizing session resumption to eliminate those round trips for all but the very first request.
As Internet adoption grew around the world, with companies increasingly serving global and more remote audiences, providers like Cloudflare had to continue expanding their physical footprint to keep up with demand. As of the date this blog post was published, Cloudflare has data centers in over 55 countries, and we continue
For operations teams, managing a serverless environment requires a fundamentally new approach.
In the Future of Networking with Fred Baker, Fred mentioned an interesting IPv6 deployment scenario: give a /64 prefix to every server to support container deployment, and run routing protocols between servers and ToR switches to advertise the /64 prefix to the data center fabric, preferably using link-local addresses.
Let’s recap:
Look for an AWS version to launch next year.
It’s been a week of jubilation: The Internet Society celebrated 25 years of advocacy for an open, globally-connected, and secure Internet with events that crisscrossed the globe. The festivities kicked off at the University of California Los Angeles campus where in 1969 the first message was sent over ARPANET – the Internet’s predecessor.
On 18 September, the 25 Under 25 award ceremony honored young people around the world for their extraordinary work. Born in the age of the Internet, these everyday heroes are passionate about using it to make a positive impact on their communities. Their projects include connecting people with disabilities to employment opportunities, using AI to identify fake news, and humanizing issues affecting refugees and the LGBT community.
Learn more about the 25 Under 25 awardees
Watch the 25 Under 25 Award Ceremony
Just a few hours later, the 2017 Internet Society Global Internet Report: Paths to Our Digital Future was launched. The interactive report, the result of in-depth interviews, roundtables, and surveys conducted in 160 countries and 21 regions around the world, offers a glimpse into how the future of the Internet might impact humanity. The report encourages you to explore paths to our digital future, asks thought-provoking
What a difference a year makes… last September, Microsoft and Docker launched Docker Enterprise Edition (EE), a Containers-as-a-Service platform for IT that manages and secures diverse applications across disparate infrastructures, for Windows Server 2016. Since then we’ve continued to work together and Windows Server 1709 contains several enhancements for Docker customers.
To experiment with the new Docker and Windows features, a preview build of Docker is required. Here’s how to install it on Windows Server 1709 (this will also work on Insider builds):
Install-Module DockerProvider
Install-Package Docker -ProviderName DockerProvider -RequiredVersion preview
To run Docker Windows containers in production on any Windows Server version, please stick to Docker EE 17.06.
A key focus of Windows Server version 1709 is support for Linux containers on Windows. We’ve already blogged about how we’re supporting Linux containers on Windows with the LinuxKit project.
To try Linux Containers on Windows Server 1709, install the preview Docker package and enable the feature. The preview Docker EE package includes a full LinuxKit system (all 13MB of it) for use when running Docker Linux containers.
[Environment]::SetEnvironmentVariable("LCOW_SUPPORTED", "1", "Machine")
Restart-Service Docker
To disable, just remove the environment variable:
[Environment]::SetEnvironmentVariable("LCOW_SUPPORTED",
They each originated outside of the open source group for specific purposes.
The first order of business is standardizing APIs that support edge computing interoperability.
Both cloud subsystems are linked to a "new computing paradigm."
The archive platform is extensible enough to work across any cloud provider.