Presentation: Practical mTLS: Security Without the Headaches

Track: Building Security Infrastructure

Location: Plymouth - Royale, 6th fl.

Duration: 10:35am - 11:25am

Day of week: Tuesday

Level: Intermediate - Advanced

Persona: Architect, CTO/CIO/Leadership, Developer, Security Professional

Over the last few years, more and more system administrators and developers have become concerned about guaranteeing the authenticity, integrity, and confidentiality of their network communications. TLS has emerged as the solution recommended by security practitioners for all these problems. Let's Encrypt makes it easy to get a lock icon on a web browser, but in many cases public certificate authorities are inappropriate for private and internal uses. How can you mutually authenticate and secure communication between the services internal to your own infrastructure?

Unfortunately, setting up and maintaining the necessary Public Key Infrastructure that allows applications to communicate via mutual TLS is operationally challenging, contributing to the slow adoption of these security best practices.

Enter Docker swarm, a container orchestrator that significantly simplifies the operational complexities around issuance, renewal and distribution of TLS certificates for your nodes. This talk discusses in detail the implementation challenges of Swarm, how we greatly reduced the overhead necessary to manage an infrastructure that makes use of TLS certificates, and how we've added features such as transparent root key rotation that reduce the risk of key compromise and significantly increase the usability of Public Key Infrastructure.

Speaker: Ying Li

Security Engineer @Docker

Ying Li is a security engineer at Docker, based in San Francisco, focused on building security features for projects and products. Prior to Docker, Ying worked on the autoscaling system at Rackspace.
