From 261c69c4ff32812a29e13a875906a296a8f6c267 Mon Sep 17 00:00:00 2001 From: Dan Frost Date: Wed, 26 Nov 2014 13:05:33 +0000 Subject: [PATCH] docs: internals/security: minor fixes --- website/source/docs/internals/security.html.markdown | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/website/source/docs/internals/security.html.markdown b/website/source/docs/internals/security.html.markdown index 5c8e2f195..d9a22aae8 100644 --- a/website/source/docs/internals/security.html.markdown +++ b/website/source/docs/internals/security.html.markdown @@ -10,8 +10,8 @@ description: |- Consul relies on both a lightweight gossip mechanism and an RPC system to provide various features. Both of the systems have different security -mechanisms that stem from their designs. However, the goals -of Consuls security are to provide [confidentiality, integrity and authentication](http://en.wikipedia.org/wiki/Information_security). +mechanisms that stem from their designs. However, the overall goal +of Consul's security model is to provide [confidentiality, integrity and authentication](http://en.wikipedia.org/wiki/Information_security). The [gossip protocol](/docs/internals/gossip.html) is powered by [Serf](http://www.serfdom.io/), which uses a symmetric key, or shared secret, cryptosystem. There are more 
@@ -19,10 +19,11 @@ details on the security of [Serf here](http://www.serfdom.io/docs/internals/secu The RPC system supports using end-to-end TLS, with optional client authentication. [TLS](http://en.wikipedia.org/wiki/Transport_Layer_Security) is a widely deployed asymmetric -cryptosystem, and is the foundation of security on the Internet. +cryptosystem, and is the foundation of security on the Web, as well as +some other critical parts of the Internet. This means Consul communication is protected against eavesdropping, tampering, -or spoofing. This makes it possible to run Consul over untrusted networks such +and spoofing. This makes it possible to run Consul over untrusted networks such as EC2 and other shared hosting providers. ~> **Advanced Topic!** This page covers the technical details of
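Review bot: In the first hunk (`@@ -10,8 +10,8 @@`), the rewritten sentence still opens with "However", which no longer contrasts with anything: the preceding sentence says the two systems have different mechanisms, and this one states a shared goal. Consider something like "Both, however, serve the same overall goal: to provide ...", or drop the conjunction. Two smaller points on the same added line: the link text reads "confidentiality, integrity and authentication" but points at the general Information_security article, so a reader following it for "authentication" lands on a page organised around a different triad (confidentiality, integrity, availability); and the list has no serial comma, while the second hunk of this patch changes its list to "eavesdropping, tampering, and spoofing" with one. Pick one comma style for the page.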
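Review bot: In the second hunk (`@@ -19,10 +19,11 @@`), the changed sentence "This means Consul communication is protected against eavesdropping, tampering, and spoofing" is stated unconditionally, yet the context two lines above says the RPC system "supports" TLS "with optional client authentication". A reader can take this as a default guarantee; suggest qualifying it, for example "When gossip encryption and TLS are enabled, Consul communication is protected against ...". The added wording "as well as some other critical parts of the Internet" is vague and adds little: either name what is meant or end the sentence at "the Web". Since the patch already touches this sentence, the unchanged description of TLS as "a widely deployed asymmetric cryptosystem" is also worth correcting here, because TLS is a protocol that combines asymmetric key exchange and authentication with symmetric encryption.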