[jboss-jira] [JBoss JIRA] (JGRP-2275) ASYM_ENCRYPT: encrypt join response
Bela Ban (JIRA)
issues at jboss.org
Wed Jun 6 04:58:00 EDT 2018
Bela Ban created JGRP-2275:
------------------------------
Summary: ASYM_ENCRYPT: encrypt join response
Key: JGRP-2275
URL: https://issues.jboss.org/browse/JGRP-2275
Project: JGroups
Issue Type: Enhancement
Reporter: Bela Ban
Assignee: Bela Ban
Fix For: 4.0.12
In {{ASYM_ENCRYPT}}, when a new member joins, it sends a JOIN-REQ to the coordinator (unencrypted, as it does not yet have the secret key).
The coordinator skips decryption, creates a JOIN-RSP, and sends it to the joiner *unencrypted*. The reason is that the joiner doesn't yet have the secret key, so it couldn't possibly decrypt the JOIN-RSP and install the view.
(This is btw not a security issue as subsequent messages *are* encrypted and a rogue member would not be able to decrypt them. However, a rogue member would be able to join the cluster.
To prevent this, the JOIN-RSP sent by the coordinator to the joiner will be encrypted. The joiner will not be able to decrypt it and simply drops it, but it also asks the keyserver (coord) for the secret key. Once the secret key has been received, the (retransmitted) JOIN-RSP will be received, decrypted with the received secret key and the view can be installed.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list