Bela Ban edited comment on JGRP-2273 at 6/28/19 2:20 AM:
---------------------------------------------------------
A new protocol {{SERIALIZE}} has been created and can be used instead of
{{encrypt_entire_message}} as follows:
{code:xml}
...
<ASYM_ENCRYPT/>
<SERIALIZE/>
...
{code}
An example is shown in {{EncryptTest.testCapturingOfMessageByNonMemberAndResending()}}
was (Author: belaban):
A new protocol {{SERIALIZE}} has been created and can be used instead of
{{encrypt_entire_message}} as follows:
{code:xml}
...
<SERIALIZE/>
<ASYM_ENCRYPT/>
...
{code}
An example is shown in {{EncryptTest.testCapturingOfMessageByNonMemberAndResending()}}
ASYM_ENCRYPT: deprecate encrypt_entire_message
----------------------------------------------
Key: JGRP-2273
URL: https://issues.jboss.org/browse/JGRP-2273
Project: JGroups
Issue Type: Enhancement
Reporter: Bela Ban
Assignee: Bela Ban
Priority: Major
Fix For: 4.0.12
In {{ASYM_ENCRYPT}}, {{encrypt_entire_message}} encrypts not only the payload, but also
metadata such as destination and sender's address, headers and flags.
The rationale was to prevent replay attacks. However, this is not an issue, as replayed
messages will simply get dropped by the retransmission layer (e.g. NAKACK2 or UNICAST3).
If people still want this feature, they can write a protocol _above_ {{ASYM_ENCRYPT}},
which serializes the entire message into the payload of a new message, and this would be
exactly the same as setting {{encrypt_entire_message}} to {{true}}.
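
Added example, not part of the original ticket and not JGroups code: a JDK-only Java model (Java 16+) of the layering described above, where an upper layer serializes the whole message into the payload of a new message and a lower, payload-only encryption layer then also covers destination, sender, headers and flags. `Msg`, `wrap`, `unwrap` and `crypt` are hypothetical names, the sample message is constructed, and AES-GCM is an assumed stand-in for the configured cipher.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.security.SecureRandom;
import java.util.Arrays;

public class SerializeAboveEncrypt {
    // Simplified stand-in for a message; NOT org.jgroups.Message
    record Msg(String dest, String src, short flags, String headers, byte[] payload) {}
    // Upper layer (the role SERIALIZE plays): whole message -> payload of a new message
    static Msg wrap(Msg m) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);
        out.writeUTF(m.dest()); out.writeUTF(m.src()); out.writeShort(m.flags());
        out.writeUTF(m.headers()); out.writeInt(m.payload().length); out.write(m.payload());
        // Assumption: the outer message keeps only the addresses needed for delivery
        return new Msg(m.dest(), m.src(), (short) 0, "", bos.toByteArray());
    }

    static Msg unwrap(Msg outer) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(outer.payload()));
        String dest = in.readUTF(), src = in.readUTF();
        short flags = in.readShort(); String headers = in.readUTF();
        byte[] payload = new byte[in.readInt()];
        in.readFully(payload);
        return new Msg(dest, src, flags, headers, payload);
    }

    // Lower layer (payload-only encryption): AES-GCM, 12-byte IV prepended to the ciphertext
    static Msg crypt(Msg m, SecretKey key, boolean enc) throws Exception {
        byte[] in = m.payload(), iv = new byte[12];
        if (enc) new SecureRandom().nextBytes(iv); else System.arraycopy(in, 0, iv, 0, 12);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(enc ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] body = enc ? c.doFinal(in) : c.doFinal(in, 12, in.length - 12);
        byte[] out = body;
        if (enc) { out = Arrays.copyOf(iv, 12 + body.length); System.arraycopy(body, 0, out, 12, body.length); }
        return new Msg(m.dest(), m.src(), m.flags(), m.headers(), out);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        Msg app = new Msg("B", "A", (short) 0x04, "constructed-header", "hello".getBytes()); // constructed sample
        Msg wire = crypt(wrap(app), key, true);     // send path: upper layer first, then encryption
        System.out.println("on the wire: flags=" + wire.flags() + " headers='" + wire.headers() + "'");
        Msg back = unwrap(crypt(wire, key, false)); // receive path: decryption first, then upper layer
        System.out.println("delivered:   flags=" + back.flags() + " headers='" + back.headers() + "'");
    }
}
```

Because the inner copy of the addresses, headers and flags sits inside the GCM-authenticated payload, altering the ciphertext makes decryption fail rather than delivering modified metadata.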