I’m very impressed by the good design and ease of use of ZeroTier.
I’m however a bit concerned about the security of ZT network controllers.
The documentation clearly states that network controller identity (i.e. private key, correct me if I’m wrong) must not be compromised. A compromise would allow the attacker to make any kind of modifications to the networks managed by this controller (accept new hosts, modify rules, etc.).
However, I don’t see anywhere in the documentation a reference to a proper way to secure this identity.
For instance, it seems this identity cannot be stored in an HSM (hardware security module). This would reduce the risk in the sense that the attacker will never (or only with great difficulty) be able to copy the identity. Hence once the compromise is detected and remedied, the attacker has no more access to the identity, so no more ability to interfere with the ZT network.
This is kind of a concern for me, especially for ZT hosted network controllers. I have good confidence that ZT pals did their best to protect them, but as usual, no one is perfect. And the fact that ZT pals have such great powers means that they suddenly become a very interesting target of attack from my point of view.
Is there anyone out here who could develop an argument around this (e.g. explain to me that I’m plain wrong or second my thoughts)?
Have a nice day everyone!