]
Bela Ban updated JGRP-2157:
---------------------------
Security Sensitive Issue: This issue is security relevant
Security: (was: Security Issue)
KEY_EXCHANGE protocol
---------------------
Key: JGRP-2157
URL:
https://issues.jboss.org/browse/JGRP-2157
Project: JGroups
Issue Type: Feature Request
Reporter: Bela Ban
Assignee: Bela Ban
Fix For: 4.0.5
{{ASYM_ENCRYPT}} needs to exchange the shared key used for encrypting and decrypting
messages between members, when a new member joins, when a member leaves, or on a merge.
This is currently done by code in {{ASYM_ENCRYPT}} itself. However, I want to move this
functionality into a separate protocol {{KEY_EXCHANGE}}, which supports an event
{{GET_SHARED_KEY}}, called by {{ASYM_ENCRYPT}}. This event could be implemented by
different protocols.
An implementation could use certificates and SSL sockets to establish a connection from
the joiner to the key server (coordinator) in order to fetch the shared (symmetric) key.
The joiner would not only have to check the certificate of the keyserver, but also the
user CN.
Another implementation would be the current code, moved into a separate protocol, plus
certificate handling added, e.g. checking of the certificate chain, plus use CN
verification.
The goals are:
# Refactoring of the key exchange code to support multiple implementations
# Prevent man-in-the-middle-attacks. Because certificates are used, checking of the
certificate chain prevents MitM attacks
# Make AUTH optional. When certificate are used, obtaining the shared symmetric
encryption key authenticates the client (joiner), so {{AUTH}} is not needed in this case.