Practical TLS Advice for Large Infrastructure

Note: Presentation times are in Coordinated Universal Time (UTC).

Thursday, 14 October, 2021 - 03:30–04:00

Mark Hahn, Ciber Global; Ted Hahn, TCB Technologies


We will present practical advice for leveraging TLS to secure communications across your infrastructure. This applies to nodes and pods on Kubernetes or on other large deployment infrastructure. The current tools set for large leaves various gaps for deploying TLS and also causes friction within your infrastructure.

Protocols like ACME and tools like service meshes provide some support for distributing certificates but do not help with the larger problems of certificate authority architecture, nor provide advice for how to build certificates that strengthen your security posture.

PKI can be used to reduce security risks and simplify reporting. Public key infrastructure can be used to identify services to one another with a very different set of tradeoffs than shared-secret infrastructure.

Mark Hahn, Ciber Global

Mark Hahn is Practice Director for Cloud Strategies and DevOps for Ciber Global. He has 25+ years of experience as a Principal Architect delivering large-scale systems, including Wall Street trading systems, multinational retail payments systems and supply chain systems. Mark practices and coaches continuous delivery techniques that improve delivery timelines and increase system reliability, including Lean software development and continuous improvement.

Ted Hahn, TCB Technologies

Ted Hahn is an experienced Site Reliability Engineer, having worked at Google, Facebook, and Uber, and most recently having been the primary SRE for Houseparty—maintaining an infrastructure used for thousands of QPS by millions of users in a company of less than 50.

SREcon21 Open Access Sponsored by Indeed

@conference {276751,
author = {Mark Hahn and Ted Hahn},
title = {Practical {TLS} Advice for Large Infrastructure},
year = {2021},
publisher = {USENIX Association},
month = oct

Presentation Video