Package name and purpose
ktls-utils provides the userspace component of kernel TLS. This is used for instance with the NFS xprtsec option in order to enable RPC-over-TLS for NFS.
Impact of adding this package to the Flatcar OS image
The package improves on the following core values:
Secure by default
Always up to date
Improve container experience
Operate at scale / automation / telemetry
The package will increase the image size by: 0.1 MBytes.
How might this package increase the attack surface:
kTLS isn't used so far, so arguably problems in kTLS could present problems. On the other hand however, by using kTLS one could circumvent the need for Kerberos encryption, which is not as ubiquitous as TLS.
Benefits of adding this package
TLS is simpler to deploy than Kerberos for securing NFS shares, only requiring the distribution of X.509 certificates and even permitting authentication via mTLS.
Additional information
None
JeWe37 changed the title from "New Package Request: [ktls-utils]" to "New Package Request: ktls-utils" on Sep 5, 2024