[jboss-jira] [JBoss JIRA] (JGRP-1883) Extend SASL protocol to handle Quality of Protection

David Lloyd (JIRA) issues at jboss.org
Thu Sep 18 12:58:02 EDT 2014


    [ https://issues.jboss.org/browse/JGRP-1883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13004023#comment-13004023 ] 

David Lloyd commented on JGRP-1883:
-----------------------------------

I currently must recommend TLS over SASL for encryption and QOP.  Recent SASL mechanisms support channel binding to the outer channel in order to further protect the authentication process.  Most if not all of the existing standard SASL confidentiality mechanisms are not up to date with the latest security best practices and may be vulnerable to attacks long since solved in TLS.

> Extend SASL protocol to handle Quality of Protection 
> -----------------------------------------------------
>
>                 Key: JGRP-1883
>                 URL: https://issues.jboss.org/browse/JGRP-1883
>             Project: JGroups
>          Issue Type: Feature Request
>    Affects Versions: 3.5
>            Reporter: Richard Achmatowicz
>            Assignee: Bela Ban
>             Fix For: 3.6
>
>
> SASL implementations generally provide authentication and encryption services to communication protocols.
> At present, the JGroups SASL protocol layer handles only authentication of a client joining a group; it does not support encryption of messages (unicast and multicast) passing through the SASL layer. This is presently handled by the separate ENCRYPT layer.
> It would be nice to provide an integrated and complete solution for authentication and encryption for JGroups based on SASL. This could be achieved by adding functionality from ENCRYPT to the SASL layer. 



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)

