The security of computing resources and associated data is of high importance in many contexts. As an example, organizations often utilize networks of computing devices to provide a robust set of services to their users. Networks often span multiple geographic boundaries and often connect with other networks. An organization, for example, may support its operations using both internal networks of computing resources and computing resources managed by others. Computers of the organization, for instance, may communicate with computers of other organizations to access and/or provide data while using services of another organization. In many instances, organizations configure and operate remote networks using hardware managed by other organizations, thereby reducing infrastructure costs and achieving other advantages.
With such configurations of computing resources, ensuring that access to the resources and the data they hold is secure can be challenging, especially as the size and complexity of such configurations grow.
Many techniques have been developed to enhance data security. For example, transport layer security (TLS) and other protocols allow secure communications over a network between computer systems using symmetric cryptographic keys. Such protocols, however, are often avoided because of the difficulty of storing and distributing the symmetric cryptographic keys in a secure manner. Asymmetric cryptography provides mechanisms for two computer systems to share symmetric cryptographic keys. However, techniques utilizing asymmetric cryptography often rely on certificate authorities which are often operated outside of the control of the entities forming a secure communication. As a result, a compromise to the security of a certificate authority can compromise the security of communications transmitted over communication channels created in reliance on the certificate authority.